Storing encrypted passwords with Subversion using Apache/LDAP

[Mark-E <me...@hbs.edu>]

Seeting up an Apache2 Server such that it authenticates the user via our LDAP
server before it allows them into the Subversion repository. 

When I test logging in, I get the following message...

ATTENTION!  Your password for authentication realm:

     <https: XXXXXXXXXXXXXXXXXXXX > Repository

can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

I believe that this can be enabled in the httpd-subverson.conf but I am not
sure exactly what needs to be done. Can anyone point me to the specific
command or docs that detail how to encrypt the users ldap password.

Thanks! 
Mark
-- 
View this message in context: http://www.nabble.com/Storing-encrypted-passwords-with-Subversion-using-Apache-LDAP-tp25962764p25962764.html
Sent from the Subversion Users mailing list archive at Nabble.com.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2409064

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].

Re: Storing encrypted passwords with Subversion using Apache/LDAP

[Andy Levy <an...@gmail.com>]

On Mon, Oct 19, 2009 at 13:59, Mark-E <me...@hbs.edu> wrote:
> Seeting up an Apache2 Server such that it authenticates the user via our LDAP
> server before it allows them into the Subversion repository.
>
> When I test logging in, I get the following message...
>
> ATTENTION!  Your password for authentication realm:
>
>     <https: XXXXXXXXXXXXXXXXXXXX > Repository
>
> can only be stored to disk unencrypted!  You are advised to configure
> your system so that Subversion can store passwords encrypted, if
> possible.  See the documentation for details.
>
> I believe that this can be enabled in the httpd-subverson.conf but I am not
> sure exactly what needs to be done. Can anyone point me to the specific
> command or docs that detail how to encrypt the users ldap password.

What version of the client are you using, and on what OS?

On MacOS, svn has supported storing passwords in Keychain (encrypted)
since 1.4 (IIRC)

On Windows, svn uses Windows Crypto to store the passwords in
%APPDATA%. Not sure when this was introduced but it's been a while.

On *NIX, 1.6 introduced the ability to use gnome-keyring and kwallet
to store them securely. See
http://blogs.open.collab.net/svn/2009/07/subversion-16-security-improvements.html

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2409075

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].

Re: Storing encrypted passwords with Subversion using Apache/LDAP

[Andrey Repin <an...@freemail.ru>]

Greetings, Mark-E!

> Seeting up an Apache2 Server such that it authenticates the user via our LDAP
> server before it allows them into the Subversion repository. 

> When I test logging in, I get the following message...

> ATTENTION!  Your password for authentication realm:

>      <https: XXXXXXXXXXXXXXXXXXXX > Repository

> can only be stored to disk unencrypted!  You are advised to configure
> your system so that Subversion can store passwords encrypted, if
> possible.  See the documentation for details.

> I believe that this can be enabled in the httpd-subverson.conf but I am not
> sure exactly what needs to be done. Can anyone point me to the specific
> command or docs that detail how to encrypt the users ldap password.

It is CLIENT message, nothing server-related.
As suggested, read documentation about caching authentication credentials in
client.


--
WBR,
 Andrey Repin (anrdaemon@freemail.ru) 19.10.2009, <22:11>

Sorry for my terrible english...

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2409077

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].