Re: Local Cache of User Info

On 2005-12-21 10:31:14 CET, JhonJun Dormitorio wrote:

> I gather from the book that the user's password is
> also stored there in plaintext? If it is, why not use
> its "hash" or something safer?

Part of this is a FAQ:

http://subversion.tigris.org/faq.html#plaintext-passwords

There have also been lengthy discussions about this issue in the
past. Here's the most recent:

http://svn.haxx.se/users/archive-2005-11/0458.shtml

And some older ones:

http://svn.haxx.se/users/archive-2004-09/1026.shtml
http://svn.haxx.se/dev/archive-2004-09/0772.shtml

> Also I might have missed it, can somebody point me to
> the part where I can find out how to add users,
> setting/point to an authentication service, and the
> like? Or explain if it's not there?

Authentication is handled differently depending on how you are
serving your repository. If you're using svnserve, you create a text
file of users and passwords:

http://svnbook.red-bean.com/en/1.1/ch06s03.html#svn-ch-6-sect-3.2.1

If you're using svn+ssh, the Unix system accounts are used. If you're
using http or https, then authentication is handled in any way
supported by Apache; read the Apache documentation.

Authorization, on the other hand, is handled by something called
authz, and you might need this if you intend for different users to
have different levels of access to the repository, or to parts of it.
In Subversion 1.2.x, it's only available if you're serving your
repository with http or https. In Subversion 1.3, it'll also be
available if you're serving with svnserve. authz is currently
described for Apache here:

http://svnbook.red-bean.com/en/1.1/ch06s04.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Jan 1 17:37:40 2006