
Re: Can svnserve read an encrypted password file?

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: Thu, 28 Aug 2008 16:35:25 -0500

On 2008-08-28 16:02, Mark K wrote:
[chop]
>
> AFAIK the preferred gnome keyring thing is now seahorse
> (http://www.gnome.org/projects/seahorse/index.html). One could just
> use svn+ssh with keys and avoid the whole plaintext password issue.

This gets messy if you've got Windows clients. Either they need to
have their private key unencrypted, which is worse than having
Subversion cache their password in the magic place Microsoft
provides, or they need to try to get Pageant and PuTTY to play nice
with their client. Certainly possible, but certainly not easy.

> Also, wouldn't svnserve+sasl be able to solve the complaint of having
> plain text passwords stored on the server side?

Pretty much only if you're using (my favorite) gssapi with sasl.
Just about everything else in sasl requires either clear-text
transmission of the password or clear-text storage of the password
on the server. It's probably still slightly better to use sasl
because the authentication is normally offloaded to a specialized
authentication server so there's sort-of less to audit.

-- 
Oracle Confidential Information        
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

Received on 2008-08-28 23:36:13 CEST

This is an archived mail posted to the Subversion Users mailing list.
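
The trade-off described in the reply above, sketched as svnserve and Cyrus SASL configuration. This is an added example, not part of the original mail; the file locations, the sasldb path and the keytab path are assumptions that vary by system.

```conf
# --- svnserve.conf (in the repository's conf/ directory) ---
[sasl]
use-sasl = true

# --- Cyrus SASL service file for svnserve, e.g. /etc/sasl2/svn.conf ---
# (assumed location) Pick ONE of the three variants below.

# Variant A: shared-secret mechanism backed by sasldb.
# The password never crosses the wire in the clear, but the server must
# hold the plaintext secret in sasldb to verify the challenge response.
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/svn_sasldb      # assumed path
mech_list: DIGEST-MD5

# Variant B: PLAIN checked through saslauthd (PAM, LDAP, ...).
# The backend can keep only hashes, but the client sends the password
# itself, so the connection needs separate transport protection.
#pwcheck_method: saslauthd
#mech_list: PLAIN

# Variant C: GSSAPI (Kerberos).
# The client presents a service ticket; svnserve holds only its own
# service key in a keytab and never sees or stores user passwords.
#mech_list: GSSAPI
#keytab: /etc/svn.keytab          # assumed path
```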