On Fri, Oct 8, 2010 at 2:09 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
> On Fri, Oct 8, 2010 at 4:10 AM, jehan procaccia
> <jehan.procaccia_at_it-sudparis.eu> wrote:
>> Le 08/10/2010 02:19, Nico Kadel-Garcia a écrit :
>>> Unless you can guarantee that they will not use Linux or UNIX based
>>> clients, don't even consider this. The problem is that the Linux and
>>> UNIX clients, by default, continue to store passwords in clear text.
>>> They whinge about it now before storing it, but it's still an issue.
>>>
>>> Is there any reason you use 'svn' access, rather than HTTPS? The
>>> mod_dav_svn module works well, even though I detest the clear text
>>> password problem.
>>
>> I need my users to be able to work with svn repos both from unix shell
>> command "svn" or through GUI clients (web browser, eclipse, tortoise ...)
>> For web (http) acces, it looks good now, indeed if I set ldap users login
>> name in the global authZ (file edit from the admin collabnet
>> .../editAuthorization) it works fine .
>
> That's great if that's what you need. There is no way, though, to
> prevent your UNIX/Linux command line clients from storing their
> passwords in cleartext. This isn't a server problem. It's a command
> line client problem.
Hi Nico,
Slightly OT for this thread, but it may interest you to know that very
recently some initiatives were started to include gpg-agent support in
svn (just two days ago a feature branch was created to work on that
functionality). I don't know any details about it myself (just read
the posts on the dev list), but maybe that's the sort of improvement
that would help to solve the cached-passwords-in-cleartext problem for
UNIX/Linux?
See these recent threads from the dev-list:
- http://svn.haxx.se/dev/archive-2010-10/0099.shtml
- http://svn.haxx.se/dev/archive-2010-10/0149.shtml
Cheers,
--
Johan
Received on 2010-10-08 14:29:22 CEST