[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: John Szakmeister <john_at_szakmeister.net>
Date: 2005-12-16 02:18:10 CET

On Thursday 15 December 2005 18:13, Phillip Susi wrote:
> It is not encrypted though. When I look in these files, I can see my
> passwords in clear text. By the way, I use a client certificate to
> authenticate to the server these days, and every time I run svn it asks
> me for the password to decrypt the certificate, even though it is stored
> here. I used to use a plain password over http instead of https and
> that old password is stored in the other text file in this directory,
> both are in clear text.

As I mentioned earlier in the thread, you may need to remove your auth
directory and try again. This was a new feature in 1.2.0. If you didn't
wipe out the auth directory at that point, then it's more than likely using
the format that already existed: which is store it plain text. If you delete
your auth directory, it will store your password in the wincrypt format
automatically.

> I also see the word 'password' in this file... is that the password type
> you speak of, and should be 'wincrypt' instead?

No, that's the key name for the password field. In my file, there is a
passtype followed by wincrypt:
  K 8
  passtype
  V 8
  wincrypt <-- this is the password type
  K 8
  password
  V 272
  <... long string of 272 ascii characters that bares no resemblance to my
password ...>
  K 15
  svn:realmstring
  V 49
  <https://xxx.yyy.zzz:443> Projects
  K 8
  username
  V 9
  loginname
  END

HTH.

-John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 16 02:21:05 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.