[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Can svnserve read an encrypted password file?

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: Thu, 28 Aug 2008 16:35:25 -0500

On 2008-08-28 16:02, Mark K wrote:
> AFAIK the preferred gnome keyring thing is now seahorse
> (http://www.gnome.org/projects/seahorse/index.html). One could just
> use svn+ssh with keys and avoid the whole plaintext password issue.

This gets messy if you've got Windows clients. Either they need to
have their private key unencrypted which is worse than having
subversion cache their password in the magic place Microsoft
provides, or they need to try to get pagent and putty to place nice
with their client. Certainly possible, but certainly not easy.

> Also, wouldn't svnserve+sasl be able to solve the complaint of having
> plain text passwords stored on the server side?

Pretty much only if you're using (my favorite) gssapi with sasl.
Just about everything else in sasl requires either clear-text
transmission of the password or clear-text storage of the password
on the server. It's probably still slightly better to use sasl
because the authentication is normally offloaded to a specialized
authentication server so there's sort-of less to audit.

Oracle Confidential Information        
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

  • application/pgp-signature attachment: stored
Received on 2008-08-28 23:36:13 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.