Thanks for your reply
My SVN server is most definitely configured to require auth on write, with
anonymous read allowed. All revisions committed around that time are
committed with my author name. Going back to the original post: if my
credentials were cached for the first time (the original add, commit,
delete, commit cycle), then I shouldn't have been prompted for login
credentials on subsequent commits, surely? If the creds were just cached and
I was still asked for credentials, then the bug is minor -- it's probably a
not-oft-seen annoyance to have to sometimes re-enter your credentials, even
after you've had a successful login in the recent past. If the creds weren't
cached, it points to a more problematic flaw: that I was potentially able to
modify the repo without auth (and, to re-iterate, auth is required on my
repo to be able to write to it).
The twist in the tale is that I was allowed to perform the add, commit,
delete, commit cycle without auth (which should have required it), and the
update was when I was asked for creds (and anonymous read access is
allowed). My svnserve.conf is madly simple; here it is without all the
comment lines:
[general]
anon-access = read
auth-access = write
authz-db = authz
password-db = passwd
my authz is also blatantly simple:
[/]
davydm = rw
* = r
Perhaps it is a case of PEBKAC -- if so, please point out to me where I have
gone wrong in the above config, which, to my simple knowledge of the SVN
system, seems to make sense.
-d
Received on 2008-08-23 01:05:47 CEST