
Re: How to make password to store in Encrypted format

From: Geoff Hoffman <ghoffman_at_cardinalpath.com>
Date: Tue, 20 Sep 2011 08:42:22 -0700

>
>
> On Tue, Sep 20, 2011 at 7:03 AM, Bob Archer <Bob.Archer_at_amsi.com> wrote:
>
>> > How to make password to store in Encrypted format
>> >
>> > When I checkout a code i got the following message. I was searching in
>> the
>> > net, I couldn't locate a proper document to avoid/configure svn password
>> > locally encrypted. Any help in this regard is highly appreciated.
>> >
>> > Thanks,
>> > Wang,bin
>> >
>> >
>> -----------------------------------------------------------------------
>> > ATTENTION! Your password for authentication realm:
>> >
>> > <http://someservername:3690> Test Project SVN
>> >
>> > can only be stored to disk unencrypted! You are advised to configure
>> your
>> > system so that Subversion can store passwords encrypted, if possible.
>> See
>> > the documentation for details.
>> >
>> > You can avoid future appearances of this warning by setting the value of
>> the
>> > 'store-plaintext-passwords' option to either 'yes' or 'no' in
>> > '/home/AdmUsr/.subversion/servers'.
>> >
>> -----------------------------------------------------------------------
>>
>> Did you "See the documentation for details."???
>>
>> "For other Unix-like operating systems, no single standard “keychain”
>> service exists. However, the Subversion client knows how to store passwords
>> securely using the “GNOME Keyring” and “KDE Wallet” services. Also, before
>> storing unencrypted passwords in the ~/.subversion/auth/ caching area, the
>> Subversion client will ask the user for permission to do so. Note that the
>> auth/ caching area is still permission-protected so that only the user
>> (owner) can read data from it, not the world at large. The operating
>> system's own file permissions protect the passwords from other
>> non-administrative users on the same system, provided they have no direct
>> physical access to the storage media of the home directory, or backups
>> thereof."
>>
>>
>> http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.netmodel.creds
>>
>> BOb
>>
>>
>
> Wang,
>
> For the record we're running Ubuntu Server 10.04LTS and it has no desktop
> GUI and I was not able to figure out how to use either gnome keyring or kde
> wallet services to store passwords encrypted. After about 8 to 12 hours of
> researching these methods and trying a variety of different things, I gave
> up and was never able to store encrypted passwords; we all have IDEs that
> store/send the password with each command and our SVN server is behind our
> Firewall on our LAN, so it isn't that big of a deal for us.
>
> They call it a "security improvement" for SVN 1.6 however it has resulted
> in our case as no security (for users SSH'd into the svn server) because
> implementing it
> a) is too cumbersome
> b) is beyond my skillset, or
> c) appears to rely on a desktop UI
>
> There appears to be some command-line ways of getting this functionality,
> and here some posts about it...
>
> http://stackoverflow.com/questions/3824513/svn-encrypted-password-store
>
>
> http://blogs.collab.net/subversion/2009/07/subversion-16-security-improvements/
>
>
> http://subversion.open.collab.net/ds/viewMessage.do?dsMessageId=325647&dsForumId=3
>
> Probably the best bet is outlined here
>
> http://superuser.com/questions/186575/whats-the-best-way-to-store-an-encrypted-svn-password-on-ubuntu-server
> or here
>
> http://blesseddlo.wordpress.com/2010/09/13/subversion-passwords-encrypted-with-gnome-keyring/
> but I wasn't able to get it working.
>
> Sorry; wish I had a better reply for you.
> Good luck -
>

Here is another thread that looks helpful

http://subversion.open.collab.net/ds/viewMessage.do?dsForumId=3&dsMessageId=393815
Received on 2011-09-20 17:42:59 CEST
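
An added example, not part of the original mail or of Subversion itself: a small audit of the `~/.subversion/auth/svn.simple` cache discussed in the thread, reporting which cached entries hold an unencrypted password and whether the file is readable beyond its owner. It assumes the `K`/`V`/`END` file layout and the `passtype` value `simple` for unencrypted entries; the function names and the sample cache are constructed for illustration.

```python
import stat
from pathlib import Path

def parse_svn_hash(data: bytes) -> dict:
    """Parse the 'K <len>/key/V <len>/value ... END' layout of a cached credential."""
    entries, pos = {}, 0
    def read_item(tag: bytes) -> str:
        nonlocal pos
        eol = data.index(b"\n", pos)           # ValueError if the file is truncated
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag:
            raise ValueError(f"malformed record at byte {pos}")
        end = eol + 1 + int(header[1])         # lengths are byte counts
        pos = end + 1                          # skip the payload and its newline
        return data[eol + 1:end].decode("utf-8", "replace")
    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        entries[key] = read_item(b"V")
    return entries

def audit_auth_cache(auth_dir) -> list:
    """Report each cached credential; the password itself is never returned."""
    findings = []
    for path in sorted(Path(auth_dir, "svn.simple").iterdir()):
        try:
            entry = parse_svn_hash(path.read_bytes())
        except (ValueError, OSError):
            continue                           # not a credential file
        findings.append({
            "file": path.name, "realm": entry.get("svn:realmstring", ""),
            # plaintext storage: passtype 'simple' with the password in the file
            "plaintext": entry.get("passtype") == "simple" and "password" in entry,
            # any group/other permission bit breaks the owner-only protection
            "readable_by_others": bool(stat.S_IMODE(path.stat().st_mode) & 0o077),
        })
    return findings

def build_sample(root) -> Path:
    """Constructed sample cache: one plaintext entry, one keyring-backed entry."""
    realm = "<http://someservername:3690> Test Project SVN"
    common = {"svn:realmstring": realm, "username": "AdmUsr"}
    samples = [("sample-plain", 0o644, {"passtype": "simple", "password": "not-a-real-secret"}),
               ("sample-keyring", 0o600, {"passtype": "gnome-keyring"})]
    Path(root, "svn.simple").mkdir(parents=True)
    for name, mode, extra in samples:
        fields = {**extra, **common}           # ASCII only, so len() equals byte length
        body = "".join(f"K {len(k)}\n{k}\nV {len(v)}\n{v}\n" for k, v in fields.items())
        path = Path(root, "svn.simple", name)
        path.write_bytes((body + "END\n").encode())
        path.chmod(mode)
    return Path(root)
```

Calling `audit_auth_cache(Path.home() / ".subversion" / "auth")` runs the same check against a real cache.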

This is an archived mail posted to the Subversion Users mailing list.
