[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: passwords in subversion

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-12-11 18:25:17 CET

On Dec 11, 2004, at 6:00 AM, Rainer Pröbster wrote:

>> pat wrote:
>>> probably missed something). Is it possilbe to use cripted passwords
>>> ???
>>> Or is it possivle to use certificates for access to svn server ???
>>>
>>> I know the svn server can comunicate through ssh (commonly through
>>> secure
>>> layer), but is this possible for WebDAV too ??? Can WebDAV use secure
>>> communication ???
>>
>> The plain text passwords are just for svnserve. If you're using
>> Apache2
>> as the server you can use https + any standard auth method so there
>> are
>> no plaintext passwords involved.
>>
>> Michael Ching
>> michaelc@wush.net
>
> Hello,
>
> what if you want to or need to use just svnserve without ssh cause of
> performance or some administration (in case of no ssh on the client)
> causes?
> It's hard to accept that you must have unencrypted password files in
> this not
> uncommon case: Communication over apache is much slower and not every
> client
> wants to or can use ssh.
>

You might want to re-read chapter 6. There are 3 independent server
configurations, and I think you're getting them mixed up:

* apache server (http:// or https://): can use any authentication
available to apache. Typically, this means a file full of hashed
passwords, although passwords are essentially passed plaintext over the
network. But the link can be SSL encrypted, and even server/client
certificates can be used.

* 'svnserve' server (svn://): has a private user-db file full of
plaintext passwords.
   CRAM-MD5 authentication -- no plaintext passwords pass over the
network.

* 'svnserve' launched by ssh (svn+ssh://): ssh does all
authentication, there are no password files on disk, anywhere. svn
client asks ssh to launch a private, temporary 'svnserve' process
running on remotehost. (i.e. 'ssh remotehost svnserve -t'). ssh
issues a challenge to connect to remotehost, and the launched svnserve
issues no authentication challenge at all; it assumes the ssh username
is already authenticated. When the connection finishes, 'svnserve' is
gone.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Dec 11 18:28:35 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.