[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: --username and --password ignored with NTLM authentication?

From: Craig Holmquist <craig.holmquist_at_neurotronics.com>
Date: Wed, 5 Aug 2009 08:37:24 -0400

itial.different-user :

"Since Subversion caches auth credentials by default (both username and
password), it conveniently remembers who you were acting as the last
time you modified your working copy. But sometimes that's not
helpful-particularly if you're working in a shared working copy such as
a system configuration directory or a web server document root. In this
case, just pass the --username option on the command line, and
Subversion will attempt to authenticate as that user, prompting you for
a password if necessary."

The passage you quote from
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.netmodel.html just
says that the client doesn't send any auth credentials unless the server
explicitly asks for them; it doesn't mention anything about where the
client obtains the credentials. Since the server doesn't cache any
credentials (AFAIK), a server that's set up to require authentication
for all operations will request them all the time.

-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2009b_at_ryandesign.com]
Sent: Tuesday, August 04, 2009 6:47 PM
To: Craig Holmquist
Cc: users_at_subversion.tigris.org
Subject: Re: --username and --password ignored with NTLM authentication?

On Aug 4, 2009, at 14:06, Craig Holmquist wrote:

> I've noticed that in Subversion 1.6.3 (and probably all earlier
> versions),
> if the server sends an NTLM challenge, and client responds with the
> logged-in user's credentials even if the --username and --password
> command
> line options are given. That is, the name in the revision log is the
> logged-in user instead of the user passed on the command line.
> Is this intentional? In my opinion it's counterintuitive. The
> Subversion
> book states that --username and --password take precedence over any
> cached
> credentials;

Where did you read this? It was my understanding that the values
specified in --username and --password are only used if the client
can't find the necessary information in the auth cache. And I didn't
think this varied based on your authentication method.


"One last word about svn's authentication behavior, specifically
regarding the --username and --password options. Many client
subcommands accept these options, but it is important to understand
that using these options does not automatically send credentials to
the server. As discussed earlier, the server "pulls" credentials from
the client when it deems necessary; the client cannot "push" them at
will. If a username and/or password are passed as options, they will
be presented to the server only if the server requests them. These
options are typically used to authenticate as a different user than
Subversion would have chosen by default (such as your system login
name) or when trying to avoid interactive prompting (such as when
calling svn from a script)."

But I may have no idea what I'm talking about, as I don't even know
what NTLM is.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-05 14:38:33 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.