[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to make password to store in Encrypted format

From: Geoff Hoffman <ghoffman_at_cardinalpath.com>
Date: Tue, 20 Sep 2011 08:37:31 -0700

On Tue, Sep 20, 2011 at 7:03 AM, Bob Archer <Bob.Archer_at_amsi.com> wrote:

> > How to make password to store in Encrypted format
> >
> > When I checkout a code i got the following message. I was searching in
> the
> > net, I couldn't locate a proper document to avoid/configure svn password
> > locally encrypted. Any help in this regard is highly appreciated.
> >
> > Thanks,
> > Wang,bin
> >
> >
> --------------------​--------------------​--------------------​-----------
> > ATTENTION! Your password for authentication realm:
> >
> > <http://someservername:3690> Test Project SVN
> >
> > can only be stored to disk unencrypted! You are advised to configure your
> > system so that Subversion can store passwords encrypted, if possible. See
> > the documentation for details.
> >
> > You can avoid future appearances of this warning by setting the value of
> the
> > 'store-plaintext-passwords' option to either 'yes' or 'no' in
> > '/home/AdmUsr/.subve​rsion/servers'.
> >
> --------------------​--------------------​--------------------​-----------
>
> Did you " See the documentation for details."???
>
> " For other Unix-like operating systems, no single standard “keychain”
> service exists. However, the Subversion client knows how to store passwords
> securely using the “GNOME Keyring” and “KDE Wallet” services. Also, before
> storing unencrypted passwords in the ~/.subversion/auth/ caching area, the
> Subversion client will ask the user for permission to do so. Note that the
> auth/ caching area is still permission-protected so that only the user
> (owner) can read data from it, not the world at large. The operating
> system's own file permissions protect the passwords from other
> non-administrative users on the same system, provided they have no direct
> physical access to the storage media of the home directory, or backups
> thereof."
>
>
> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.netmodel.creds
>
> BOb
>
>

Wang,

For the record we're running Ubuntu Server 10.04LTS and it has no desktop
GUI and I was not able to figure out how to use either gnome keyring or kde
wallet services to store passwords encrypted. After about 8 to 12 hours of
researching these methods and trying a variety of different things, I gave
up and was never able to store encrypted passwords; we all have IDEs that
store/send the password with each command and our SVN server is behind our
Firewall on our LAN, so it isn't that big of a deal for us.

They call it a "security improvement" for SVN 1.6 however it has resulted in
our case as no security (for users SSH'd into the svn server) because
implementing it
a) is too cumbersome
b) is beyond my skillset, or
c) appears to rely on a desktop UI

There appears to be some command-line ways of getting this functionality,
and here some posts about it...

http://stackoverflow.com/questions/3824513/svn-encrypted-password-store

http://blogs.collab.net/subversion/2009/07/subversion-16-security-improvements/

http://subversion.open.collab.net/ds/viewMessage.do?dsMessageId=325647&dsForumId=3

Probably the best bet is outlined here
http://superuser.com/questions/186575/whats-the-best-way-to-store-an-encrypted-svn-password-on-ubuntu-server
or here
http://blesseddlo.wordpress.com/2010/09/13/subversion-passwords-encrypted-with-gnome-keyring/
but I wasn't able to get it working.

Sorry; wish I had a better reply for you.
Good luck -
Received on 2011-09-20 17:38:07 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.