On Tue, Dec 16, 2008 at 10:33:33AM +0100, Götz Reyher wrote:
> Hi Stefan,
>
> thanks a lot for your reply.
>
> You wrote --
>
> Subversion caches *one* set of credentials per authentication realm,
> the name of which is defined in the server config file. So you can only
> replace credentials by deleting the cache file for the realm, which
> causes
> Subversion to ask for (potentially new) credentials again.
>
> The problem we face is as follows --
>
> Our application doesn't write out cached credentials.
Have you written this application yourself, and is it using
the Subversion public APIs?
> That's because it is configured
What do you mean by "configured"? Do you mean that the application
uses the Subversion API in some predetermined way (e.g. registering
a single auth provider only), or that the application is actually
running the 'svn' command line client which is configured to
behave in a certain way ("--no-auth-cache")?
> to only using the callback mechanism for athenticating.
Only? What else is there to implement authentication in the Subversion
APIs, apart from the callback mechanism? (Is this your question?)
> So,
> the question boils down to: is there a call that we can use in order to
> trigger the SVN callback mechanism for authentication. We then would pass
> in a different set of credentials, which previously got entered through
> the our app's UI.
As far as I understand, the authentication callbacks are called by the
RA layer whenever a new RA session is opened and the server requires
authentication.
So an easy way to retrigger authentication might be closing the current
RA session and opening a new one. Note that RA sessions are independent
of transactions on the repository -- a single commit transaction, for
example, can be made using several RA sessions. To continue an existing
transaction during a new RA session, just re-open the existing transaction.
There are APIs to do this, but I don't know which specifically, you'll
have to look them up.
> As I understand your mail, SVN would "potentially" come back and ask us
> for credentials. We would prefer a definite mechanism to trigger the
> authentication callback.
I was talking about the behaviour of the Subversion command line
client 'svn', which may differ from your application.
The 'svn' client does the caching of authentication credentials.
If you write another client against the public API, you'll have
to implement your own caching mechanism (if you need one).
> Hopefully, it's become more clear now.
Slightly, but I'm still confused as to how your application (which
I assume is a Subversion client) is actually designed, and how it
interacts with Subversion (command line vs. libraries).
> We could also go into direct mail contact, if you'd like.
No, please stay on-list. The list is the support forum, not me.
I reserve my right to disappear anytime and let someone else take over :)
Stefan
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=985068
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-16 17:14:04 CET