[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: FG <fgatwork_at_verizon.net>
Date: 2005-12-16 18:51:26 CET

Phillip Susi wrote:
> Aha, I was still running an older version. I just upgraded to the
> latest and deleted the auth cache and it does now seem to be encrypted.
>
> I still have two questions though:
>
> 1) what exactly is this wincrypt buisiness? As I understand it, EFS
> works by encrypting the file with a random cipher key ( was it 128 bit
> 3des? ) and then encrypts that key using your public RSA key in your
> personal certificate ( as well as the administrator's, so he can
> recover the file ), and the private key in your certificate is
> encrypted using your password. Because of this, even if the
> administrator resets your password, you won't be able to access the
> file without the original password. Is this what wincrypt does, but
> not to the entire file?
>
> 2) I am using a client certificate to authenticate to the server via
> SSL. Every time I run svn, it prompts me for the password to decrypt
> my certificate's private key. It looks like it does save that
> password in the auth cache, but it won't use it, and prompts me for it
> again anyhow. It still does this in the latest version ( 1.2.3 r15833
> ). Is this a known bug?
>
> John Szakmeister wrote:
>> As I mentioned earlier in the thread, you may need to remove your
>> auth directory and try again. This was a new feature in 1.2.0. If
>> you didn't wipe out the auth directory at that point, then it's more
>> than likely using the format that already existed: which is store it
>> plain text. If you delete your auth directory, it will store your
>> password in the wincrypt format automatically.
>>
>
Did you build your SSL certificate with a challenge password?? If so,
this is at a different level than the SVN authentication. So it would
most likely NOT get cached.

Food 4 thought.

Regards,
Frank

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 16 19:02:33 2005

This is an archived mail posted to the Subversion Users mailing list.