On Tue, 2008-04-29 at 12:00 -0400, Karl Fogel wrote:
> But if there is a readable Subversion 'passwd' file, how should
> svn+ssh:// interact with it? Not at all? Or if the same username is
> present in the passwd file, then should password authentication also be
> done?
Short answer: not at all.
Long answer: from the server's viewpoint, svnserve sees that it has been
executed in "tunnel mode" (-t) which means the EXTERNAL auth mechanism
is available to the client. This mechanism allows the client to
authenticate by fiat, providing no additional credentials. "I already
proved to you who I am, let's move on." In theory, the client could
ignore EXTERNAL and choose to authenticate to a different user by
username/password. Our client never chooses to do this, but the server
code allows it. In that case, svnserve would need access to the
password file. Since that's not an authentication scenario most people
are interested in (or one our client supports), such access is not
generally important.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-29 18:07:37 CEST