You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Keith and Teri Kwiatek <kw...@gmail.com> on 2006/07/28 15:02:30 UTC
Is there a way to prevent local caching AND not have the user log multiple times?
Hello,
Is there a way to configure subversion so that the user password will not be
cached on the client, yet the user will not have to log in multiple times?
Since the windows user will be logged into the domain, can the subversion
client get the username/password from the OS and pass it to the subversion
server/apaceh?
Thanks
K.
Re: Is there a way to prevent local caching AND not have the user log multiple times?
Posted by si <ss...@gmail.com>.
> There are alternatives, such as turning off HTTP/WebDAV and enabling only
> svn+ssh access, and not giving out user accounts on the server. This doesn't
> prevent the SSH keys from having no password or bad passwords, but it can
> force the use of an SSH key.
I just finished testing svn+ssh using WinSSHD and Tunnelier (bitvise.com)
this allows you to use windows integrated authentication, which would
solve your no/bad password issue, and having to maintain and store
plaintext svn user passwords.
The 2 issues so far are (1) I haven't been able to find a way to pass
svnserve -r parameter with winsshd and (2) when using TortoiseSVN,
Tunnelier brings up a dos box, which is kinda ugly, and probably the
reason why the TortoiseSVN folks wrote TortoisePLink (for putty).
Should note that i've only tested this in a virtual network, and there
were a couple of little tricks to implement, especially if you're used
to just svn:// access...I plan to write a little howto once the above
mentioned issues are resolved.
peace
si
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Is there a way to prevent local caching AND not have the user log multiple times?
Posted by Nico Kadel-Garcia <nk...@comcast.net>.
----- Original Message -----
From: "D.J. Heap" <dj...@gmail.com>
To: "Nico Kadel-Garcia" <nk...@comcast.net>
Cc: "Keith and Teri Kwiatek" <kw...@gmail.com>;
<us...@subversion.tigris.org>
Sent: Friday, July 28, 2006 5:42 PM
Subject: Re: Is there a way to prevent local caching AND not have the user
log multiple times?
> On 7/28/06, Nico Kadel-Garcia <nk...@comcast.net> wrote:
> [snip]
>>
>> This only works if you force the use of TortoisSVN as the client. This is
>> next-to-impossible: if the user uses a command-line client in CygWin or
>> from
>> Linux, in order to do a build environment, the passwords are certainly
>> kept
>> in clear text.
>
> You would have to use TSVN and/or a native Windows commandline client
> but the message says "Since the windows user will be logged into the
> domain" so it seems likely that they are on Windows and can use such a
> client.
>
> If not, then the above is correct AFAIK -- you have to use ssh+certs
> to avoid storing passwords and not be prompted.
Does anyone have a domain-registered WindowsXP box to test the CygWin cvs
client to see if it stores HTTPS;Webdav passwords for Amanda in clear text?
Or understand the authentication code to comment?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Is there a way to prevent local caching AND not have the user log multiple times?
Posted by "D.J. Heap" <dj...@gmail.com>.
On 7/28/06, Nico Kadel-Garcia <nk...@comcast.net> wrote:
[snip]
>
> This only works if you force the use of TortoisSVN as the client. This is
> next-to-impossible: if the user uses a command-line client in CygWin or from
> Linux, in order to do a build environment, the passwords are certainly kept
> in clear text.
You would have to use TSVN and/or a native Windows commandline client
but the message says "Since the windows user will be logged into the
domain" so it seems likely that they are on Windows and can use such a
client.
If not, then the above is correct AFAIK -- you have to use ssh+certs
to avoid storing passwords and not be prompted.
DJ
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Is there a way to prevent local caching AND not have the user log multiple times?
Posted by Nico Kadel-Garcia <nk...@comcast.net>.
----- Original Message -----
From: "D.J. Heap" <dj...@gmail.com>
To: "Keith and Teri Kwiatek" <kw...@gmail.com>
Cc: <us...@subversion.tigris.org>
Sent: Friday, July 28, 2006 1:02 PM
Subject: Re: Is there a way to prevent local caching AND not have the user
log multiple times?
> On 7/28/06, Keith and Teri Kwiatek <kw...@gmail.com> wrote:
>> Hello,
>>
>> Is there a way to configure subversion so that the user password will not
>> be
>> cached on the client, yet the user will not have to log in multiple
>> times?
>>
>> Since the windows user will be logged into the domain, can the subversion
>> client get the username/password from the OS and pass it to the
>> subversion
>> server/apaceh?
>>
>> Thanks
>> K.
>
>
> I believe you can use automatic authentication if you are using Apache
> -- check on the TortoiseSVN FAQ or TortoiseSVN mailing list archives.
> IIRC, you use mod_auth_sspi or mod_auth_ntlm or something along with a
> new enough version of neon.
This only works if you force the use of TortoisSVN as the client. This is
next-to-impossible: if the user uses a command-line client in CygWin or from
Linux, in order to do a build environment, the passwords are certainly kept
in clear text.
There are alternatives, such as turning off HTTP/WebDAV and enabling only
svn+ssh access, and not giving out user accounts on the server. This doesn't
prevent the SSH keys from having no password or bad passwords, but it can
force the use of an SSH key.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Is there a way to prevent local caching AND not have the user log multiple times?
Posted by "D.J. Heap" <dj...@gmail.com>.
On 7/28/06, Keith and Teri Kwiatek <kw...@gmail.com> wrote:
> Hello,
>
> Is there a way to configure subversion so that the user password will not be
> cached on the client, yet the user will not have to log in multiple times?
>
> Since the windows user will be logged into the domain, can the subversion
> client get the username/password from the OS and pass it to the subversion
> server/apaceh?
>
> Thanks
> K.
I believe you can use automatic authentication if you are using Apache
-- check on the TortoiseSVN FAQ or TortoiseSVN mailing list archives.
IIRC, you use mod_auth_sspi or mod_auth_ntlm or something along with a
new enough version of neon.
DJ
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org