Posted to users@subversion.apache.org by Keith and Teri Kwiatek <kw...@gmail.com> on 2006/07/27 16:37:07 UTC

How to set up SVN client/server so that Active Directory password is not compromised?

Hello,

I currently run apache https with WebDAV and subversion.... I am just using
htaccess to authenticate. And I notice that the SVN client caches the
password (supposedly encrypted)

I would like my windows SVN client users to authenticate with
subversion/apache by using the active directory such that the password is
not cached... WHAT are my options for accomplishing this??

I am very concerned about the SVN client caching the AD password locally,
yet I don't want the user to have to keep entering the password for each
transaction!

Thanks!
Keith

Re: How to set up SVN client/server so that Active Directory password is not compromised?

Posted by Andy Levy <an...@gmail.com>.
On 7/27/06, Keith and Teri Kwiatek <kw...@gmail.com> wrote:

> I currently run apache https with WebDAV and subversion.... I am just using
> htaccess to authenticate. And I notice that the SVN client caches the
> password (supposedly encrypted)

You can check for yourself whether the credentials are "supposedly"
encrypted or "truly" encrypted - the code's open.  Credentials are
cached in %APPDATA%\Subversion (on Windows) by default.

Documentation of the feature is located at
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.credcache
(and it does note that the creds are encrypted, using Windows' own
crypto APIs on Win2K and up) - basically, to get at the cached
password, one must know the password (or access the system while the
owner of the password is logged in - physical security is well outside
the scope of Subversion, however).

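One way to check what the client has actually cached, as an added example that is not part of either post and is not Subversion's own code. It assumes the cache files live in the `auth\svn.simple` subdirectory of `%APPDATA%\Subversion` and use Subversion's length-prefixed `K`/`V` record format with the keys `passtype`, `password`, `svn:realmstring` and `username`; the two sample files are constructed.

```python
import io
import os
from pathlib import Path

# Constructed sample cache files (not real credentials).
REALM = b"<https://svn.example.com:443> Project SVN"
SAMPLE_WINCRYPT = (b"K 8\npasstype\nV 8\nwincrypt\nK 8\npassword\nV 12\nPLACEHOLDER=\n"
                   b"K 15\nsvn:realmstring\nV 41\n" + REALM + b"\nK 8\nusername\nV 5\nalice\nEND\n")
SAMPLE_PLAIN = (b"K 8\npasstype\nV 6\nsimple\nK 8\npassword\nV 13\nnot-a-real-pw\n"
                b"K 15\nsvn:realmstring\nV 41\n" + REALM + b"\nK 8\nusername\nV 3\nbob\nEND\n")

def parse_svn_hash(blob):
    """Parse the length-prefixed K/V records of a cache file into a dict."""
    stream, entries = io.BytesIO(blob), {}
    while True:
        header = stream.readline().split()
        if not header or header[0] == b"END":
            return entries
        if header[0] != b"K":
            raise ValueError("expected K record, got %r" % header)
        key = stream.read(int(header[1])).decode("utf-8")
        stream.readline()                      # newline that ends the key
        vtag, vlen = stream.readline().split()
        if vtag != b"V":
            raise ValueError("expected V record after key %r" % key)
        entries[key] = stream.read(int(vlen))
        stream.readline()                      # newline that ends the value

def inspect(blob):
    """Return (realm, username, status); the password value is never returned."""
    e = parse_svn_hash(blob)
    passtype = e.get("passtype", b"simple").decode()   # assumed: no key means plaintext
    if "password" not in e:
        status = "no password stored"
    elif passtype == "wincrypt":
        status = "encrypted (wincrypt)"
    elif passtype == "simple":
        status = "PLAINTEXT"
    else:
        status = "passtype: " + passtype
    return e.get("svn:realmstring", b"").decode(), e.get("username", b"").decode(), status

def audit(cache_dir=None):
    """Inspect every cached credential file under auth/svn.simple."""
    default = Path(os.environ.get("APPDATA", ".")) / "Subversion" / "auth" / "svn.simple"
    base = Path(cache_dir) if cache_dir else default
    return [inspect(p.read_bytes()) for p in sorted(base.glob("*")) if p.is_file()]

if __name__ == "__main__":
    for row in audit():
        print(*row, sep=" | ")
```

Setting `store-passwords = no` in the `[auth]` section of the Subversion `config` file stops the client from writing the password at all, at the cost of a prompt whenever the server asks for credentials.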