[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted passwd on Debian, SVN-Server

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Fri, 24 Jan 2014 09:10:46 -0500

Apache HTTPD can alto be tied to Kerberos authentication. Can the
mod_dav_svn play nicely with Kerberos based, sing-sign-on
environments?

In that case, though, the UNIX/Linux clients store the passwords in
plain text, locally, by default. TortoiseSVN handles them more
securely, and tools like the GNome and KDE wallets keep the passwords
more securely, but it's hard to force clients to use those.

One alternative is to use svn+ssh: that takes more work to set up, and
to manage SSH keys on the serer side, and I've still seen no well
integrated key management tool. But it's precisely what Sourceforge
uses for Subverison access.

On Fri, Jan 24, 2014 at 8:17 AM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Thu, Jan 23, 2014 at 10:43:55PM +0100, Anselm Arndt wrote:
>> Oh sorry,
>> it is a svnserve server setup.
>> I am not a svn expert.
>> I am able to manage the users (with their rights) and to create new
>> repositories.
>> But now I was asked to store the passwords not in clear text in the passwd.
>
> svnserve uses CRAM-MD5 authentication, which requires both parties
> to know the plaintext. The password is a shared secret.
>
> If you want something better, you can either try setting up svnserve
> with Cyrus-SASL, or switch to Apache HTTPD and use, for instance,
> digest authentication which saves hashes of passwords to disk.
>
> See here:
> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl
> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.digest
Received on 2014-01-24 15:11:21 CET

This is an archived mail posted to the Subversion Users mailing list.