Hi folks,
after configuring another server with svnserve over xinetd. I still do
not completely understand the chapter on SASL encryption in the
subversion manual.
It says that SASL can do encryption for me. There are two options to
configure SASL, one is saslauthd with handles authentication in plain
text. This means that only Kerberos can be used securely. This option is
not available for me anyway.
The other one is the auxprop with sasldb. This is what I did. I chose
DIGEST-MD5 for a shared secret mechnism. In this case the authentication
can be plain text because no password is exchanged and the
authentication procedure is secure.
Does this mean that the svnserve.conf's min|max-encryption do a full
/transport/ encryption?
This point is not made clear enough in the manual. At no point there is
stated what is actually configured: authentication or transport encryption.
In terms of HTTP, the authentication happens inside the tunnel, so both
is done. With Kerberos I can have authentication and transport optional.
Thanks,
Mike
- Clarification on SASL encryption Michael-O
-
