subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Corveleyn <>
Subject Re: svn Farm
Date Fri, 08 Oct 2010 12:28:45 GMT
On Fri, Oct 8, 2010 at 2:09 PM, Nico Kadel-Garcia <> wrote:
> On Fri, Oct 8, 2010 at 4:10 AM, jehan procaccia
> <> wrote:
>>  Le 08/10/2010 02:19, Nico Kadel-Garcia a écrit :
>>> Unless you can guarantee that they will not use Linux or UNIX based
>>> clients, don't even consider this. The problem is that the Linux and
>>> UNIX clients, by default, continue to store passwords in clear text.
>>> They whinge about it now before storing it, but it's still an issue.
>>> Is there any reason you use 'svn' access, rather than HTTPS? The
>>> mod_dav_svn module works well, even though I detest the clear text
>>> password problem.
>> I need my users to be able to work with svn repos both from unix shell
>> command "svn" or through GUI clients (web browser, eclipse, tortoise ...)
>> For web (http) acces, it looks good now, indeed if I set ldap users login
>> name in the global authZ (file edit from the admin collabnet
>> .../editAuthorization) it works fine .
> That's great if that's what you need. There is no way, though, to
> prevent your UNIX/Linux command line clients from storing their
> passwords in cleartext. This isn't a server problem. It's a command
> line client problem.

Hi Nico,

Slightly OT for this thread, but it may interest you to know that very
recently some initiatives were started to include gpg-agent support in
svn (just two days ago a feature branch was created to work on that
functionality). I don't know any details about it myself (just read
the posts on the dev list), but maybe that's the sort of improvement
that would help to solve the cached-passwords-in-cleartext problem for

See these recent threads from the dev-list:


View raw message