Login | Register
My pages Projects Community openCollabNet

Discussions > users > Re: certificate/password storage

fsvs
Discussion topic

Back to topic list

Re: certificate/password storage

Author tekknokra
Full name Gunnar Thielebein
Date 2009-11-05 02:04:15 PST
Message Hi Phil,

P.Marek wrote:
> Hello Gunnar!
>
>> I just tested the certificate/password storage part on Ubuntu/Karmic against
>> a local ssl/http-auth setup.
>>
>> config_dir is set to /etc/subversion.
>>
>> When issueing the remote command "remote-status" I am asked to permantly store
>> the certificate. I agree with yes.
>> Then I will be asked about the pkcs12 file localtion and a password.
>>
>> In this step I am prompted with a confirmation dialog:
>>
>>> You can avoid future appearances of this warning by setting the value
>>> of the 'store-ssl-client-ce​rt-pp-plaintext' option to either 'yes' or
>>> 'no' in '(null)'.
>> If I agree all the questions with yes authentication succeeds.
>> On performing the remote command next time I get the
>> accept certificate request and all other steps involved again.
>> As you can see in the before prompt there's no path set.
>>
>> Please let me know if you need more information. I tried with running with fsvs
>> -vvv -d but this does not increase verbosity on the interesting parts (libsvn).
> Could you try to put a "~/.subversion/config" file into "/etc/subversion", with
> authentication storing enabled?

I had the config file already there, but the entries are uncommented. Regarding
the comments storing is enabled by default but now explicitly enabled:

/etc/subversion/config:

[auth]
store-passwords = yes
store-auth-creds = yes

Server file.

/etc/subversion/server:

[groups]
test.local = fsvs.agile-admin.net
[test.local]
ssl-client-cert-file = /etc/ssl/default/newcert.p12
ssl-client-cert-password = test123
[global]
ssl-authority-files = /etc/ssl/default/cacert.pem
store-passwords = yes
store-plaintext-passwords = no
store-ssl-client-cert-pp = no
store-ssl-client-cer​t-pp-plaintext = no

>
> If that doesn't help, please do an "strace -f -tt" of a fsvs call, and send me that -
> maybe I can see there where subversion tries to get information from.

Good tip!
The bottom line (4245) shows where fsvs wants to get information from. Log
gzipped and attached for convinience.

> 10:56:23.046460 lstat("/etc/fsvs/aut​h/auth/svn.ssl.serve​r/06efd6678d90237507​2f17361922b4b2", 0x7fffa792b3d0) = -1 ENOENT (No such file or directory)


>
>
> Regards,
>
> Phil
>

Cheers,
Gunnar
Attachments

« Previous message in topic | 3 of 7 | Next message in topic »

Messages

Show all messages in topic

certificate/password storage tekknokra Gunnar Thielebein 2009-11-04 15:12:06 PST
     Re: certificate/password storage pmarek P.Marek 2009-11-05 00:00:17 PST
         Re: certificate/password storage tekknokra Gunnar Thielebein 2009-11-05 02:04:15 PST
         Re: certificate/password storage tekknokra Gunnar Thielebein 2009-11-06 03:33:04 PST
             Re: certificate/password storage pmarek P.Marek 2009-11-09 00:13:56 PST
                 Re: certificate/password storage tekknokra Gunnar Thielebein 2009-11-14 09:59:39 PST
                     Re: certificate/password storage pmarek P.Marek 2009-11-14 11:39:43 PST
Messages per page: