[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subclipse, client certs-plaintext password req'd?

From: Brian Clarke <brian_p_clarke_at_yahoo.com>
Date: 2005-07-19 16:20:54 CEST

I appreciate the quick response. So you're saying
there are hooks in place for Subclipse to prompt the
user for their client cert password but for some
reason they aren't exercised by JavaHL?

Perhaps I should restate the issue - I'm providing
"ssl-client-cert-file", but don't want to provide
"ssl-client-cert-password" in the 'servers' file.

If I enter the ssl-client-cert-password as plaintext,
both the svn command-line client and Subclipse succeed
in connecting to the repository. I'm trying to avoid
this situation, since having the plaintext password on
disk is likely to be unacceptable.

If I leave the password out: a) the 'svn' command-line
client prompts for a password and succeeds in
connecting to the repository, while b) Subclipse
(Eclipse SVN Repository Perspective->New Repository
Location...) doesn't prompt for a password and fails.

Any thoughts/experiences addressing this? We're really
looking forward to using Subclipse...and looks like
this is the last issue to resolve.

Thanks again for your help.
-Brian

--- Mark Phippard <MarkP@softlanding.com> wrote:

> Brian Clarke <brian_p_clarke@yahoo.com> wrote on
> 07/19/2005 09:07:47 AM:
>
> > I'm looking for some input regarding using client
> > certificates with Subclipse. Based on
> > experimentation, it seems that Subclipse doesn't
> > support prompting for the client cert password -
> > instead, the user must store that password in
> plain
> > text in the Subversion 'servers' config file.
> >
> > Hopefully I've just missed something, since the
> svn
> > command-line client will prompt for a
> password...is
> > there any way to get Subclipse to do so (and only
> once
> > per "session")? If not, any chance that this will
> be
> > added?
>
> If you use JavaHL for your client adapter, then in
> theory, we are doing
> what is necessary for this to be working. JavaHL
> has an interface we
> provide to it, whereby it can ask us to prompt you
> for things like a
> certificate. We have implemented the interface, but
> JavaHL (which is part
> of Subversion) is in charge of using it or not. It
> certainly works for
> prompting to accept the server's certificate.
>
> Mark
>
>
>
_____________________________________________________________________________
> Scanned for SoftLanding Systems, Inc. by IBM Email
> Security Management Services powered by MessageLabs.
>
>
_____________________________________________________________________________
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@subclipse.tigris.org
> For additional commands, e-mail:
> users-help@subclipse.tigris.org
>
>

                
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
 
Received on Wed Jul 20 00:20:54 2005

This is an archived mail posted to the Subclipse Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.