-----BEGIN PGP SIGNED MESSAGE-----
Phillip Susi wrote:
> Subversion has no understanding of user logins of any particular OS. If
> you are using SSH then the user either has to supply a password or a
> private key. That private key may be obtained from ssh-agent if the
> user is using that and set up their environment to tell ssh to talk to
> ssh-agent, but subversion has no concept of login beyond the fact that
> ssh can connect to the server.
I noticed that Subversion treats SSH-tunneled connections as
"authenticated" and sets the user name in the logs correctly. If I
connect to the repository via local- or svnserve-access, the connection
is treated as "unauthenticated" by default.
I inferred, that the tunneled access gets a special treatment. I just
wondered how this is done and if it can be done similarly in non-SSH
> What makes you think that SSH adds too much overhead? It only adds a
> little cpu load to the client and server; you really shouldn't notice it.
When there is no need for the strong encryption SSH provides, why then
burden the server with the extra load?
> You can use https instead and authenticate with a client certificate,
> but AFAIK, there isn't anything like ssh-agent for SSL certificates, so
> either the user will have to enter their password each time to decrypt
> their certificate, or store the certificate on disk unencrypted, which
> isn't good for security since anyone who manages to read that file can
> impersonate the user.
Since the repository is used only in the intranet (or from outside
through VPN), the Apache solution is not really interesting for me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com
Received on Thu Mar 9 20:41:52 2006