Clarification on SASL encryption

From: Michael-O <1983-01-06_at_gmx.net>
Date: Sun, 13 Mar 2011 13:31:04 +0100

Hi folks,

after configuring another server with svnserve over xinetd. I still do
not completely understand the chapter on SASL encryption in the
subversion manual.

It says that SASL can do encryption for me. There are two options to
configure SASL, one is saslauthd with handles authentication in plain
text. This means that only Kerberos can be used securely. This option is
not available for me anyway.
The other one is the auxprop with sasldb. This is what I did. I chose
DIGEST-MD5 for a shared secret mechnism. In this case the authentication
can be plain text because no password is exchanged and the
authentication procedure is secure.
Does this mean that the svnserve.conf's min|max-encryption do a full
/transport/ encryption?

This point is not made clear enough in the manual. At no point there is
stated what is actually configured: authentication or transport encryption.

In terms of HTTP, the authentication happens inside the tunnel, so both
is done. With Kerberos I can have authentication and transport optional.

Thanks,

Mike
Received on 2011-03-13 13:31:40 CET

This message: [ Message body ]
Next message: Mark Phippard: "Re: Clarification on SASL encryption"
Previous message: bruce: "Re: svn/url redirect question"
Next in thread: Mark Phippard: "Re: Clarification on SASL encryption"
Reply: Mark Phippard: "Re: Clarification on SASL encryption"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]