[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Tortoise SVN Using old password or no password after password change

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Sat, 17 Jan 2015 09:55:55 +0100

On 16.01.2015 13:27, markus_kopp_at_gothaer-systems.de wrote:
> Hi,
> i have the following Issue and it is easy to create:
> I have saved the password for an existing SVN Repository accessed via
> HTTPS.
> I change the password for the repository (on the server).
> When trying to browse the Repository after the Password Change i enter
> the same userid and the new password, but i do not set the save password
> checkbox and the following happens:
> In Apache access.log i can see several 401 Response Codes
> MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS
[snip]
> ..... several more ...
>
> In error.log i see that an access was tried with my Userid and the wrong
> (i think it's the old one, but i do not know) Password:
> [Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid:
> authentication failure for "/transfer/apps/PaScha": Password Mismatch
> ... several more ...
>
> Any Suggestions how to deal with this? From my point of view this is a
> bug. I have seen it several times and i had many reports by users locked
> out of our repository because they have tried to many logon requests
> with a wrong password.

When you have saved the password once, it's saved on disk and used on
every authentication request from the server.
If you now change the password on the server, that saved password is
still used (the client can't know that you've changed the password).
Since authentication fails with the old password, svn then asks for you
for the password. If you now enter that new password but don't save this
password to disk, then the very same happens over and over again:
the saved password is used, auth fails, your entered password is used,
auth succeeds.

The problem you see here is that the repository browser does many, many
connections to the repository, and each one requires authentication. So
for every one of those, the first authentication fails and the second
one succeeds - but your server has of course a limit on how many failed
authentications it allows before it blocks you.

There's nothing you can do here except to either clear the auth cache
(settings dialog, saved data) or save the new authentication immediately.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3094399
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2015-01-17 09:55:50 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.