Re: [feature request] ssl client-certificate auth

Author tekknokrat
Full name Gunnar Thielebein
Date 2008-08-12 07:45:25 PDT
Message

Philipp Marek wrote:
> On Thursday 07 August 2008 Gunnar Thielebein wrote:
>
>> When using ssl-client authentication a password is not needed anymore at
>> least in our setup.
>> So I hacked this dirty patch which introduces a new option "password"
>> for setting a global (blank) password.
>> It works for me but I don't know if there are better ways of implementing
>> this.
>>
> You just wrote "a password is not needed anymore"? Why make one configurable?
>
Hi Phil,

I think I need to explain our scenario a little bit.
On one hand we use ssl-keybased authorisation for servers. This keeps us
from typing a password in the authentication process because of security.
On the other hand we need the username of the committer to track changes
to the config. This won't be the case without using htaccess.
So we use anonymous access on the server so that only a (real) username is
needed on the client side, no matching password.
Without the local ~/.subversion directory and performing "svn ls" fsvs
also asks for the password when doing a commit.
So I wasn't able to nail this issue down and I created the patch.

Perhaps another configuration "anonymous_access" would make more sense
but I don't know what to use as an argument to this function instead of
a string or NULL:

racallback.c#58:
> opt__get_int(OPT__PASSWD) ?
> opt__get_string(OPT__PASSWD) : NULL, /* Password */

>
>
>> If it would be possible to save the credentials in home ~/.subversion
>> (without svn client) this option would
>> not be necessary at all.
>>
> And what exactly does not work?
>
saving the httpauth-credentials
>
>> But because I have defined /etc/subversion as configuration path
>> (because ssl configuration should be in global scope) imo it isn't saved
>> yet.
>> I am interested what you think about this!
>>
> Well, seems ok so far - but there's this discussion about storing plain-text
> passwords (like svn had a few times in the past) ...
>
>
> Do I understand you correctly: Because /etc/ is the configuration path, the
> password (that gets asked on checkout) is not stored in the files; but for
> commit you use client certificates, so you don't need it anyway?
>
> I'm a bit confused.
>
This was only an assumption from my side.
I don't know if the behaviour changes when using ~/.subversion. Should I
test this?
>
> Regards,
>
> Phil
>
>
>

Best Wishes,
Gunnar
