How to store passwords?
Hi, On a Debian 11 system with Subversion 1.14.1-3+deb11u1 I'm trying to store passwords. In /etc/subversion/config I've got: [auth] password-stores = # cat /etc/subversion/servers [global] store-passwords = yes store-plaintext-passwords = yes But still it's asking for the server every single time. What am I missing? -- Olaf
Re: How to store passwords?
Den lör 20 aug. 2022 kl 12:20 skrev Olaf van der Spek : > Hi, > > On a Debian 11 system with Subversion 1.14.1-3+deb11u1 I'm trying to > store passwords. > > In /etc/subversion/config I've got: > [auth] > password-stores = > > # cat /etc/subversion/servers > [global] > store-passwords = yes > store-plaintext-passwords = yes > > But still it's asking for the server every single time. What am I missing? > Check the available authentication credential caches: [[[ $ svn --version [...] The following authentication credential caches are available: * Plaintext cache in /home/daniel/.subversion * Gnome Keyring * GPG-Agent * KWallet (KDE) ]]] If you are missing the Plaintext cache then your distribution compiled Subversion without the support for storing passwords in the plaintext cache. (The compile-time option changed in Subversion 1.12 to disable the plaintext cache unless explicitly enabled). This has been a source of many questions and a lot of confusion during the years. Recently, a script was developed that will allow you to store the password even if your svn binary will not. Please be aware of any security implications of storing the password in plaintext. See https://subversion.apache.org/faq.html#plaintext-passwords for more information including a link to the aforementioned script. Kind regards, Daniel
Re: How to store passwords?
Op za 20 aug. 2022 om 12:39 schreef Daniel Sahlberg : > > Den lör 20 aug. 2022 kl 12:20 skrev Olaf van der Spek : > Check the available authentication credential caches: > [[[ > $ svn --version > [...] > The following authentication credential caches are available: > > * Plaintext cache in /home/daniel/.subversion > * Gnome Keyring > * GPG-Agent > * KWallet (KDE) > ]]] > > If you are missing the Plaintext cache then your distribution compiled > Subversion without the support for storing passwords in the plaintext cache. > (The compile-time option changed in Subversion 1.12 to disable the plaintext > cache unless explicitly enabled). Right, thanks! Does it really have to be this hard to store passwords? ;) I'm running a local svnserve, is there a better way to handle this? I'll also give the script a try. Thanks! -- Olaf
Re: How to store passwords?
Op za 20 aug. 2022 om 14:27 schreef Olaf van der Spek : > > Op za 20 aug. 2022 om 12:39 schreef Daniel Sahlberg > : > > > > Den lör 20 aug. 2022 kl 12:20 skrev Olaf van der Spek > > : > > Check the available authentication credential caches: > > [[[ > > $ svn --version > > [...] > > The following authentication credential caches are available: > > > > * Plaintext cache in /home/daniel/.subversion > > * Gnome Keyring > > * GPG-Agent > > * KWallet (KDE) > > ]]] > > > > If you are missing the Plaintext cache then your distribution compiled > > Subversion without the support for storing passwords in the plaintext > > cache. (The compile-time option changed in Subversion 1.12 to disable the > > plaintext cache unless explicitly enabled). > > Right, thanks! > Does it really have to be this hard to store passwords? ;) > > I'm running a local svnserve, is there a better way to handle this? > > I'll also give the script a try. Hmm: Traceback (most recent call last): File "store-plaintext-password.py", line 192, in main() File "store-plaintext-password.py", line 188, in main writeHashFile(authfileName, hash) File "store-plaintext-password.py", line 128, in writeHashFile outputHash(fd, dict) File "store-plaintext-password.py", line 113, in outputHash for key, val in dict.items(): TypeError: unbound method dict.items() needs an argument -- Olaf
Re: How to store passwords?
On Sat, Aug 20, 2022 at 8:40 AM Olaf van der Spek wrote: > > Op za 20 aug. 2022 om 12:39 schreef Daniel Sahlberg > : > > > > Den lör 20 aug. 2022 kl 12:20 skrev Olaf van der Spek > > : > > Check the available authentication credential caches: > > [[[ > > $ svn --version > > [...] > > The following authentication credential caches are available: > > > > * Plaintext cache in /home/daniel/.subversion > > * Gnome Keyring > > * GPG-Agent > > * KWallet (KDE) > > ]]] > > > > If you are missing the Plaintext cache then your distribution compiled > > Subversion without the support for storing passwords in the plaintext > > cache. (The compile-time option changed in Subversion 1.12 to disable the > > plaintext cache unless explicitly enabled). > > Right, thanks! > Does it really have to be this hard to store passwords? ;) > > I'm running a local svnserve, is there a better way to handle this? Easy to use and access conflicts with secure from others, especially the root user. Have you considered using 'svn+ssh' based access, with ssh-agent setups? I used those especially with tools like Jenkins, so I could demand a pass-phrase when starting sensitive tasks.
