On Fri, Oct 8, 2010 at 2:09 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote: > On Fri, Oct 8, 2010 at 4:10 AM, jehan procaccia > <jehan.procac...@it-sudparis.eu> wrote: >> Le 08/10/2010 02:19, Nico Kadel-Garcia a écrit : >>> Unless you can guarantee that they will not use Linux or UNIX based >>> clients, don't even consider this. The problem is that the Linux and >>> UNIX clients, by default, continue to store passwords in clear text. >>> They whinge about it now before storing it, but it's still an issue. >>> >>> Is there any reason you use 'svn' access, rather than HTTPS? The >>> mod_dav_svn module works well, even though I detest the clear text >>> password problem. >> >> I need my users to be able to work with svn repos both from unix shell >> command "svn" or through GUI clients (web browser, eclipse, tortoise ...) >> For web (http) acces, it looks good now, indeed if I set ldap users login >> name in the global authZ (file edit from the admin collabnet >> .../editAuthorization) it works fine . > > That's great if that's what you need. There is no way, though, to > prevent your UNIX/Linux command line clients from storing their > passwords in cleartext. This isn't a server problem. It's a command > line client problem.
Hi Nico, Slightly OT for this thread, but it may interest you to know that very recently some initiatives were started to include gpg-agent support in svn (just two days ago a feature branch was created to work on that functionality). I don't know any details about it myself (just read the posts on the dev list), but maybe that's the sort of improvement that would help to solve the cached-passwords-in-cleartext problem for UNIX/Linux? See these recent threads from the dev-list: - http://svn.haxx.se/dev/archive-2010-10/0099.shtml - http://svn.haxx.se/dev/archive-2010-10/0149.shtml Cheers, -- Johan
