Posted to dev@subversion.apache.org by Tobias Ringström <to...@ringstrom.mine.nu> on 2003/12/10 23:01:08 UTC

Replacing --no-auth-cache with something better

I'd like to straighten out a small but confusing issue with the auth 
system, but I'd like to hear your opinion before I go ahead.

The auth system today has an option to prevent saving of *any* kind of 
credentials.  Since there is only one global option, it is not possible 
to prevent storing of e.g. passwords without also making it impossible 
to e.g. trust SSL server certificates permanently.

I'd like to replace this global setting with a setting for each 
authentication provider that needs it, i.e. the simple password and 
username authentication providers.  Making such a change will also make 
it possible for the front-end to decide if e.g. a password should be 
saved or not.  In other words, it will be possible to implement a 
username and password dialog box with a "remember password" checkbox.

That also means that the command-line option --no-auth-cache needs to be 
renamed to --no-password-store or something similar.  Suggestions for a 
better name are most welcome.

Another option is to *not* remember passwords by default and to 
implement a --remember-passwords option instead.  It sounds better, it 
is a little safer, but it's also a little bit more annoying.

Please let me know what you think!

/Tobias


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Replacing --no-auth-cache with something better

Posted by Tobias Ringstrom <to...@ringstrom.mine.nu>.
Philip Martin wrote:
> "C. Michael Pilato" <cm...@collab.net> writes:
> 
>>I suggested exactly this kind of thing a while ago.  Basically, your
>>options would be:
>>
>>    --no-auth-cache   : don't store anything
>>    --safe-auth-cache : store usernames, but no passwords or 
>>                        other "private" data
>>    (nothing)         : store it all
>>
>>With per-server configs in ~/.subversion, of course.
> 
> I like that as well.  It restores the original behaviour of
> store-password (from the time auth data was stored in the WC) where it
> only affected the password and not the username.

Great, thanks!

I assume that this change would not be suited for 1.0.  For 1.0 I'd like 
to suggest an alternative minimal impact solution.

The biggest problem is that the configuration directive store-passwords 
does more than its name suggests, i.e. it disables storing of *any* 
credentials, not only passwords.  In fact it is equivalent to the command 
line option --no-auth-cache, so I propose to change the name of 
store-passwords to store-auth-cache.  We can add a real store-passwords 
config option post 1.0.

I'll go ahead and produce such a trivial patch tonight, but I won't 
commit it until we have decided how to manage changes at this point and 
this change has been deemed safe enough.

I will start by creating an issue for this.

/Tobias



Re: Replacing --no-auth-cache with something better

Posted by Philip Martin <ph...@codematters.co.uk>.
"C. Michael Pilato" <cm...@collab.net> writes:

> Tobias Ringström <to...@ringstrom.mine.nu> writes:
>
>> That also means that the command-line option --no-auth-cache needs to
>> be renamed to --no-password-store or something similar.  Suggestions
>> for a better name are most welcome.
>
> I suggested exactly this kind of thing a while ago.  Basically, your
> options would be:
>
>     --no-auth-cache   : don't store anything
>     --safe-auth-cache : store usernames, but no passwords or 
>                         other "private" data
>     (nothing)         : store it all
>
> With per-server configs in ~/.subversion, of course.

I like that as well.  It restores the original behaviour of
store-password (from the time auth data was stored in the WC) where it
only affected the password and not the username.


-- 
Philip Martin


Re: Replacing --no-auth-cache with something better

Posted by "C. Michael Pilato" <cm...@collab.net>.
Tobias Ringström <to...@ringstrom.mine.nu> writes:

> That also means that the command-line option --no-auth-cache needs to
> be renamed to --no-password-store or something similar.  Suggestions
> for a better name are most welcome.

I suggested exactly this kind of thing a while ago.  Basically, your
options would be:

    --no-auth-cache   : don't store anything
    --safe-auth-cache : store usernames, but no passwords or 
                        other "private" data
    (nothing)         : store it all

With per-server configs in ~/.subversion, of course.



Re: Replacing --no-auth-cache with something better

Posted by Ben Collins-Sussman <su...@collab.net>.
On Wed, 2003-12-10 at 17:01, Tobias Ringström wrote:

> I'd like to replace this global setting with a setting for each 
> authentication provider that needs it, i.e. the simple password and 
> username authentication providers.  Making such a change will also make 
> it possible for the front-end to decide if e.g. a password should be 
> saved or not.  In other words, it will be possible to implement a 
> username and password dialog box with a "remember password" checkbox.

This is a great idea.  I'd love to see this happen this week, before we
hit 0.35.  I say go for it.


