Re: How to configure Apache2+SVN+PAM

From: Ryan Schmidt <subversion-2009b_at_ryandesign.com>
Date: Sat, 29 Aug 2009 21:42:04 -0500

On Aug 29, 2009, at 09:44, Nico Kadel-Garcia wrote:

>> I´m looking through the web but it´s hard to find how to configure
>> PAM+Apache2+Svn.
>
> [ Yes, I rant about this. Yes, I am a broken record, but it needs
> repeating for new users. ]
>
> *DON'T*. Seriously. Unless you can assure that your clients are not
> going to use the default subversion clients, which store passwords in
> cleartext by default, any such service is a serious security pitfall.

In a message last week that you did not respond to, I replied [1] to
your prior rant on this topic a week ago explaining that the
Subversion client does not store passwords in clear text anymore for
most users. I referred you to the Subversion 1.6, 1.4, and 1.2 release
notes which state that this is so. Are you saying this is not correct,
or that the implementation is flawed? Please elaborate.

[1] http://svn.haxx.se/users/archive-2009-08/0550.shtml

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2388601

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-30 04:43:45 CEST

This message: [ Message body ]
Next message: Edmund Wong: "Re: SVN-abbreviation"
Previous message: Rich Shepard: "Re: Fixing commit/import error -- FIXED"
In reply to: Nico Kadel-Garcia: "Re: How to configure Apache2+SVN+PAM"
Next in thread: Nico Kadel-Garcia: "Re: How to configure Apache2+SVN+PAM"
Reply: Nico Kadel-Garcia: "Re: How to configure Apache2+SVN+PAM"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]