[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve authentication without passwd file

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2006-03-09 20:14:24 CET

Florian Pose wrote:
> Hi all!
>
> I find it very convenient that Subversion uses the current (OS-)user for
> authentication when accessing the repository through an SSH tunnel.
>
>

Subversion has no understanding of user logins of any particular OS. If
you are using SSH then the user either has to supply a password or a
private key. That private key may be obtained from ssh-agent if the
user is using that and set up their environment to tell ssh to talk to
ssh-agent, but subversion has no concept of login beyond the fact that
ssh can connect to the server.

> In a local network, I consider the SSH tunnel to produce too much
> overhead, and I would like to use "normal" access through svnserve.
> Unfortunately I have to supply svnserve with an extra passwd file.
>
>

What makes you think that SSH adds too much overhead? It only adds a
little cpu load to the client and server; you really shouldn't notice it.

> Is there any way to make svnserve use the current-user information for
> authentication? Or would that be insecure?

You can use https instead and authenticate with a client certificate,
but AFAIK, there isn't anything like ssh-agent for SSL certificates, so
either the user will have to enter their password each time to decrypt
their certificate, or store the certificate on disk unencrypted, which
isn't good for security since anyone who manages to read that file can
impersonate the user.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Mar 9 20:28:55 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.