On Thu, Aug 26, 2021 at 02:41:44PM +0200, Johan Corveleyn wrote: > I get the feeling I'm missing something, but I still don't understand > what authz has to do with the problem at hand here (i.e. detecting > expired passwords so we can ask the user for the new one).
The problem is that some repositories (like our own) do not require any authentication in order to read data. Your case where 'svn ls' asks for a password is not applicable for public repositories on svn.apache.org, for example. The 'svn auth add' command would not get an authentication challenge by running the equivalent of what 'svn ls' is doing. We do not have a way to trigger the challenge without modifying the repository somehow.
