[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to configure Apache2+SVN+PAM

From: Ryan Schmidt <subversion-2009b_at_ryandesign.com>
Date: Sat, 29 Aug 2009 21:42:04 -0500

On Aug 29, 2009, at 09:44, Nico Kadel-Garcia wrote:

>> I´m looking through the web but it´s hard to find how to configure
>> PAM+Apache2+Svn.
> [ Yes, I rant about this. Yes, I am a broken record, but it needs
> repeating for new users. ]
> *DON'T*. Seriously. Unless you can assure that your clients are not
> going to use the default subversion clients, which store passwords in
> cleartext by default, any such service is a serious security pitfall.

In a message last week that you did not respond to, I replied [1] to
your prior rant on this topic a week ago explaining that the
Subversion client does not store passwords in clear text anymore for
most users. I referred you to the Subversion 1.6, 1.4, and 1.2 release
notes which state that this is so. Are you saying this is not correct,
or that the implementation is flawed? Please elaborate.

[1] http://svn.haxx.se/users/archive-2009-08/0550.shtml


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-30 04:43:45 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.