On Fri, May 4, 2012 at 9:59 AM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Fri, May 04, 2012 at 06:48:10AM -0700, frame wrote:
> >
> >
> > On Thursday, May 3, 2012 3:47:13 PM UTC-4, Stefan Sperling wrote:
> > >
> > > On Thu, May 03, 2012 at 12:41:38PM -0700, frame wrote:
> > > > I saw the password is saved in the file within
> > > .subversion/auth/svn.simple
> > > > directory. Is that correct? How can I have it saved in encrypted
> format?
> > > Is
> > > > this can be achieved by my personal or the system admin group?
> > >
> > > You would need to configure gnome-keyring or kwallet (see the
> > > 'password-stores' option in the 'config' file). I don't know
> > > whether those programs are available for your linux distro.
> > > They are third-party password encryption tools that Subversion
> > > can optionally make use of.
> > >
> > > Our system admin is against saving password in plain text format. So, I
> > have to pursue encryption format way. In my .subversion/config:
> > ### Section for configuring external helper applications.
> > password-stores =
> >
> > So 'password-stores' option is empty. We use Red Hat Linux 5.8. Can you
> > help more? Thank you.
>
> I don't know if gnome-keyring or kwallet are available in Red Hat
> Linux 5.8, and whether or not support for these features was compiled
> into Subversion by the Red Hat packagers. Somebody else on this list
> may know. Or you might want to ask Red Hat directly.
>
>
It's in the pipeline over at Repoforge. If you want to jump the gun, take a
look at my buildable hooks at
http://www.github.com/nkadel/subversion-1.6.18-srpm/ or the 1.7.4 tools
there.
I'd also very, very strongly recommend updating to RHEL 6 or a free rebuild
of that, with these tools already built-in. (I like Scientific Linux these
days, for a whole stack of reasons.)
If Red Hat 5.8 doesn't ship Subversion with gnome-keyring or kwallet
> support, you'll have to type the password or ask your admin to upgrade
> to a newer version of Red Hat or use a different Liunx distribution.
> Or you might find a build of Subversion for your Red Hat system that
> has these features enabled -- a good starting point for your search
> would be http://subversion.apache.org/packages.html
>
See above as well.
Now, all that said: I *loathe* HTTP/HTTPS password based acces, because
there is no way to prevent your clients form storing passwords locally on
Linux or UNIX hosts. They don't *have* to use the kwallet or gnome-keyring
tools, and you can't make them without snooping on them all the time.
Version 1.6 of Subversion finally started asking before storing them, but
earlier versions did not even bother to ask. This is why I'm a strong
proponent of svn+ssh access, as supported in many public repositories such
as Sourceforge. It prevents the "security is the client's problem" and the
"if you don't trust the machine you're working on,, you shouldn't be using
it" approaches to security.
All we can do is provide these features. If packagers you obtain
> Subversion from disable these features or ship outdated versions,
> the Subversion project cannot help you.
>
It's also not feasible to backport them to some still supported operating
systems. I can vouch for the difficulties of getting them into RHEL 4, for
example, and RHEL 5 wasn't a picnic.
Received on 2012-05-05 05:18:33 CEST