[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: passwd file permissions with svn+ssh

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Tue, 29 Apr 2008 12:07:06 -0400

On Tue, 2008-04-29 at 12:00 -0400, Karl Fogel wrote:
> But if there is a readable Subversion 'passwd' file, how should
> svn+ssh:// interact with it? Not at all? Or if the same username is
> present in the passwd file, then should password authentication also be
> done?

Short answer: not at all.

Long answer: from the server's viewpoint, svnserve sees that it has been
executed in "tunnel mode" (-t) which means the EXTERNAL auth mechanism
is available to the client. This mechanism allows the client to
authenticate by fiat, providing no additional credentials. "I already
proved to you who I am, let's move on." In theory, the client could
ignore EXTERNAL and choose to authenticate to a different user by
username/password. Our client never chooses to do this, but the server
code allows it. In that case, svnserve would need access to the
password file. Since that's not an authentication scenario most people
are interested in (or one our client supports), such access is not
generally important.

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-29 18:07:37 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.