[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN keeps getting my AD password revoked.

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 18 Sep 2012 09:44:42 +0200

On Mon, Sep 17, 2012 at 07:16:21PM -0600, Wendell Nichols wrote:
> I have many eclipse subversion based projects. I work on them as
> needed. the probelm is that if I open a project that I haven't
> accessed in some time and the cached svn password is old (and
> therefore wrong) by the time I notice it has tried three times (or
> more) under the covers to login and AD revokes my userid. If I'm
> working when the helpdesk is not manned, I'm screwed till the next
> day!

That's a trade-off between usability and security. It seems they're
being a bit too aggressive with revoking accounts used for SVN access.
If your password isn't ridiculously short, more than 3 attempts
could be allowed before it's likely to be cracked.

> I would like to have a setting that restricts auth errors to one
> attempt before notifying me. That includes, for instance, opening
> three old projects at once.

As a workaround, I'd recommend clearing the password cache before
opening old projects. See here for more information about where
passwords are cached and how to remove them:

Subversion 1.8 will ship with an in-memory password cache, based on
the "gpg-agent", which would prevent outdated passwords from being
used by design because the cache is cleared at regular intervals.
In its current implementation this option will only be available on
UNIX-like systems since it uses UNIX domain sockets to talk to the
gpg-agent. Someone would need to add the necessary Windows socket
support to make it run on Windows, too.
Received on 2012-09-18 09:45:25 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.