On Thursday 15 December 2005 18:13, Phillip Susi wrote:
> It is not encrypted though. When I look in these files, I can see my
> passwords in clear text. By the way, I use a client certificate to
> authenticate to the server these days, and every time I run svn it asks
> me for the password to decrypt the certificate, even though it is stored
> here. I used to use a plain password over http instead of https and
> that old password is stored in the other text file in this directory,
> both are in clear text.
As I mentioned earlier in the thread, you may need to remove your auth
directory and try again. This was a new feature in 1.2.0. If you didn't
wipe out the auth directory at that point, then it's more than likely using
the format that already existed: which is store it plain text. If you delete
your auth directory, it will store your password in the wincrypt format
automatically.
> I also see the word 'password' in this file... is that the password type
> you speak of, and should be 'wincrypt' instead?
No, that's the key name for the password field. In my file, there is a
passtype followed by wincrypt:
K 8
passtype
V 8
wincrypt <-- this is the password type
K 8
password
V 272
<... long string of 272 ascii characters that bares no resemblance to my
password ...>
K 15
svn:realmstring
V 49
<https://xxx.yyy.zzz:443> Projects
K 8
username
V 9
loginname
END
HTH.
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 16 02:21:05 2005