Paul Koning wrote:
> Richard> Now, while you are mentioning this, I recall I have seen on
> Richard> ethereal capture session that for each file there are two
> Richard> Kerberos authentication requests (I do not use keytab) - the
> Richard> first one failing.
>
> Richard> As far as SVN documentation goes, it seems to be desired
> Richard> behavior (auth check on each access).
>
> That doesn't make any sense.
>
> It is only useful to authenticate often enough to catch invalidation
> of authentication credentials. A person's identity doesn't change
> from millisecond to millisecond! Authentication results should be
> cached. Ideally, there is external information available that guides
> the caching rules. (For example, public key certificates have such
> information in them.)

To avoid misunderstanding, please read the last sentence: "It seems to be
desired behavior (according to SVN doc) to do authorization check on
each file access."

Why this authorization check is propagated into the authentication
module is another question. It seems that each access to a file in the
repository represents a standalone request, and authorization
credentials are cached only for the time the request is served.

This idea (keeping it valid only for the time of the request) does not
seem to be wrong either - only the nature of SVN normal operation does
unfortunately suffer from it - a lot.

Richard
Received on Sun Dec 25 01:35:10 2005