On Aug 4, 2009, at 14:06, Craig Holmquist wrote:
> I've noticed that in Subversion 1.6.3 (and probably all earlier
> versions),
> if the server sends an NTLM challenge, and client responds with the
> logged-in user's credentials even if the --username and --password
> command
> line options are given. That is, the name in the revision log is the
> logged-in user instead of the user passed on the command line.
>
> Is this intentional? In my opinion it's counterintuitive. The
> Subversion
> book states that --username and --password take precedence over any
> cached
> credentials;
Where did you read this? It was my understanding that the values
specified in --username and --password are only used if the client
can't find the necessary information in the auth cache. And I didn't
think this varied based on your authentication method.
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.netmodel.html
"One last word about svn's authentication behavior, specifically
regarding the --username and --password options. Many client
subcommands accept these options, but it is important to understand
that using these options does not automatically send credentials to
the server. As discussed earlier, the server “pulls” credentials from
the client when it deems necessary; the client cannot “push” them at
will. If a username and/or password are passed as options, they will
be presented to the server only if the server requests them. These
options are typically used to authenticate as a different user than
Subversion would have chosen by default (such as your system login
name) or when trying to avoid interactive prompting (such as when
calling svn from a script)."
But I may have no idea what I'm talking about, as I don't even know
what NTLM is.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2380218
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-05 00:47:57 CEST