[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Password Cache for Active Session

From: Nathan Tuggy <bugzilla_at_nathan.tuggycomputer.com>
Date: Thu, 24 Dec 2009 10:11:56 -0800

You could also try using a password management tool like KeePass
(http://keepass.info/) or Password Safe (http://pwsafe.org/), both of
which I've used with considerable success. KeePass in particular allows
you to fill in credentials automatically, but timeout and lock the
database after a specified length of time has passed since last use. In
addition, both tools allow you to select between different credentials
to fill in, which would save time and make logging in more accurate.

Hope this helps.

On 2009-12-23 22:33, Ryan J Ollos wrote:
> christopher.reynard wrote:
>
>> We are required to have users authenticate but this information must not
>> be 'permanently' cached. Having to continuously enter user/pass
>> credentials just isnt really practical but entering them once at the
>> beginning of a session would be fine. Just wondering if you or anyone else
>> discovered a solution for this.
>>
>>
> I have the same issue as well using SVN with mod_dav_svn. We have several
> development systems in a lab where a users tests their code on the hardware
> (each machine has a single shared OS account). Users frequently use TSVN
> and so get prompted for their username / password frequently.
>
> We can't cache authentication data for those users because users would
> inevitably frequently forget to clear their authentication data before
> leaving the machine. I'm not too concerned about the security risk because
> its a secure building, but the log info for a checkin must be associated
> with the users performing the checkin. If we allowed authentication data to
> be cached, then inevitably users would end up performing checkins to the
> repository under a cached username that is not their own.
>
> Ideally I would like to be able to:
> * Specify the interval for which a username / password get cached (e.g. 30
> minutes).
> * Have this info cleared when a user logs out.
> * Enforce a server-side policy that prevents a user from caching their
> password client side. With the "temporary caching" of passwords, it would be
> practical to prevent users from caching authentication data even on their
> personal machines because they wouldn't have to enter their authentication
> data too often.
>
> I'm sure most or all of this is impractical under existing SVN and TSVN, but
> would definitely be interested to know if anyone has practical suggestions
> for implementing any of these features.
>

-- 
Nathan Tuggy
nathan_at_tuggycomputer.com
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2432932
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-12-24 19:12:22 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.