Re: Moving away from plain-text passwords in the server-side passwd file

From: Eric Gillespie <epg_at_pretzelnet.org>
Date: Wed, 21 May 2008 10:11:52 -0700

"Mark Phippard" <markphip_at_gmail.com> writes:

> mechanisms we support. It would be doable to write code that
> validates a username and password received from a client, but for this
> to work those have to be sent in the clear over the network. Those
> options are turned off in Subversion. Our docs say it is because we
> do not use TLS. If the server does not know the plaintext password

We need TLS support, absolutely. This would have been a nice
summer of code project ;->.

> I am basically saying we need to be clear what you can actually do
> with SASL today.

Sounds like we're in agreement, cool.

-- 
Eric Gillespie <*> epg_at_pretzelnet.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-05-21 19:12:06 CEST

This message: [ Message body ]
Next message: Mark Phippard: "Subversion 1.5 Release decision?"
Previous message: Mark Phippard: "Re: Moving away from plain-text passwords in the server-side passwd file"
In reply to: Mark Phippard: "Re: Moving away from plain-text passwords in the server-side passwd file"
Next in thread: Jeff Robins: "Re: Moving away from plain-text passwords in the server-side passwd file"
Reply: Jeff Robins: "Re: Moving away from plain-text passwords in the server-side passwd file"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]