Den tors 26 aug. 2021 kl 16:10 skrev Stefan Sperling <s...@elego.de>:
> On Thu, Aug 26, 2021 at 02:41:44PM +0200, Johan Corveleyn wrote: > > I get the feeling I'm missing something, but I still don't understand > > what authz has to do with the problem at hand here (i.e. detecting > > expired passwords so we can ask the user for the new one). > > The problem is that some repositories (like our own) do not require > any authentication in order to read data. > > Your case where 'svn ls' asks for a password is not applicable for > public repositories on svn.apache.org, for example. The 'svn auth add' > command would not get an authentication challenge by running the > equivalent of what 'svn ls' is doing. We do not have a way to trigger > the challenge without modifying the repository somehow. > Is it possible to have the client "throw" the username/password at the server even if the server doesn't issue a challenge? Would the server validate the username/password (even though authz would allow anonymous access)? /Daniel Sahlberg
