[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted passwd on Debian, SVN-Server

From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 24 Jan 2014 14:17:26 +0100

On Thu, Jan 23, 2014 at 10:43:55PM +0100, Anselm Arndt wrote:
> Oh sorry,
> it is a svnserve server setup.
> I am not a svn expert.
> I am able to manage the users (with their rights) and to create new
> repositories.
> But now I was asked to store the passwords not in clear text in the passwd.

svnserve uses CRAM-MD5 authentication, which requires both parties
to know the plaintext. The password is a shared secret.

If you want something better, you can either try setting up svnserve
with Cyrus-SASL, or switch to Apache HTTPD and use, for instance,
digest authentication which saves hashes of passwords to disk.

See here:
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.digest
Received on 2014-01-24 14:19:24 CET

This is an archived mail posted to the Subversion Users mailing list.