
Re: svnserve + SASL: Only works with plaintext 'userPassword', so what's the point?

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Thu, 27 Jan 2011 02:51:26 -0500

On Wed, Jan 26, 2011 at 9:26 PM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Wed, Jan 26, 2011 at 07:08:55PM -0700, Donner, Sean P wrote:
>> > It's because of how CramMD5 works.
>> >
>> > "The server needs access to the users' plain text passwords."
>> > http://en.wikipedia.org/wiki/CRAM-MD5
>> >
>> > Stefan
>>
>> Perhaps I'm wrong, but I was under the impression that the 1.6.x version of
>> 'svnserve' natively supports CRAM-MD5; meaning you *don't* need to set
>> 'use-sasl = true' to get this functionality.
>
> That's correct. But you can still configure SASL to do CRAM-MD5.
> So there might be a bug in svn.
> Maybe it still assumes that plaintext passwords will always be present.
>
>> So my original question stands as
>> to what SASL is buying us when it still requires plain-text passwords to be
>> stored on the server?
>
> Unfortunately the sasl stuff is not being maintained very actively.
> The developers who wrote it aren't active anymore.
> There are a couple of outstanding issues (some with half-done patches
> floating around) that haven't been addressed due to lack of interest
> and resources.
>
> So if you want to help out with investigating this problem more closely
> and possibly also help with fixing this, the Subversion project would
> be grateful.

Or switch to svn+ssh for SSH key based access, which has other advantages.
Received on 2011-01-27 08:52:04 CET

This is an archived mail posted to the Subversion Users mailing list.
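
The CRAM-MD5 exchange discussed in the thread above, as an added example that is not part of the original mail and is not Subversion or Cyrus SASL code. It shows why a server that stores only salted one-way hashes cannot check a CRAM-MD5 response; all function names, the host name and the account data are hypothetical.

```python
import hashlib
import hmac
import os
import time

def make_challenge(host="svn.example.org"):
    # RFC 2195 style challenge <random.timestamp@host>; the host is a constructed value.
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()

def client_response(user, password, challenge):
    # The client keys HMAC-MD5 with the password itself and sends "user hexdigest".
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"

def verify_with_plaintext(store, response, challenge):
    # Server side: recomputing the HMAC requires the user's plaintext password.
    user, _, digest = response.rpartition(" ")
    password = store.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def verify_with_hashed_store(store, response, challenge):
    # A store of salted one-way hashes holds no usable HMAC key. Keying the
    # HMAC with the stored hash is the best it can do, and that never matches.
    user, _, digest = response.rpartition(" ")
    entry = store.get(user)
    if entry is None:
        return False
    _salt, stored_hash = entry
    expected = hmac.new(stored_hash, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def demo():
    # Constructed account data, for illustration only.
    user, password = "alice", "correct horse"
    challenge = make_challenge()
    response = client_response(user, password, challenge)
    salt = os.urandom(16)
    hashed = {user: (salt, hashlib.sha256(salt + password.encode()).digest())}
    return (verify_with_plaintext({user: password}, response, challenge),
            verify_with_hashed_store(hashed, response, challenge))

if __name__ == "__main__":
    print(demo())
```
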
