On Wed, Dec 19, 2012 at 12:25 PM, Mark Phippard <markp...@gmail.com> wrote: > On Tue, Dec 18, 2012 at 10:42 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote: >> On Tue, Dec 18, 2012 at 11:09 AM, Mark Phippard <markp...@gmail.com> wrote: >>> On Mon, Dec 17, 2012 at 8:17 PM, Aubrey Barnard <barn...@cs.wisc.edu> wrote: >>> >>>> I am having trouble getting Subversion to work with the Gnome keyring and >>>> would like some advice on how to troubleshoot the situation. At this point >>>> I >>>> have tried everything I can find (Google, these archives), so I need to >>>> find >>>> how/where things are failing. >>>> >>>> I am using the svn+ssh protocol to access a server within my organization. >>>> Even with what I understand is the proper configuration, I am still >>>> prompted >>>> for my SSH password and Subversion never mentions a keyring or asks for a >>>> keyring password. The environment is RHEL 6, so I expected this to work >>>> out-of-the-box with the default svn. More information is below. >>> >>> Subversion does not really do any authentication when you use SSH, so >>> there are no credentials for it to cache and none of those settings >>> come into play. >>> >>> When you use SSH, the authentication process is managed by your SSH >>> client. I think most Unix users use something like ssh-agent to >>> manage their keys and I believe there are flavors of that which >>> interact with a GUI such as GNOME. >> >> But the "gnome-keyring" is supposed to manage this for you with Gnome >> up and running. Aubry, which Subversion are you using? I've published, >> SRPM tools at https://github.com/nkadel/subversion-1.6.18-srpm which >> you may find useful to build a fully equipped Subveriosn 1.6.18, >> compatible with Red Hat's, but with all the latest features such as >> gnome-keyring support as much as can be activated with RHEL 5. >> >> Alternatively, jump to RHEL 6 or Scientific Linux 6, both of with have >> better support for such modern tools. > > There are integrations between OpenSSH and ssh-agent and GNOME > keyring, however this has nothing to do with Subversion or the SVN > binaries you are using. It has to do with your SSH client. > Subversion just spawns the SSH client and the rest is determined by > that client. > > Subversion's GNOME keyring support applies to Subversion's password > caching which does not apply when SSH is being used.
You've a point about the distinction, but I thought it was working well with SSH passphrase requests when I used it last. I don't have a local Subversion repo to play with. Aubry, can you activate an SSH key for this and test using the SSH key? It's not clear which svn+ssh setup our faithful narrator is using. The security of direct user login with SSH passwords and local SSH accounts on the Subversion server is.... well, it's a long standing management problem. The Subversion "Red Book", sadly, only mentions the correct solution of a designated "svn" user with SSH keys using the "force-command" option as a kind of afterthought, and the results are confusing. Because it's mentioned as a complex afterthought, rather than as the recommended default, life gets confusing. I am *not* going to get into the reasons why SSH authentication is preferable to HTTPS here unless asked. I've been very vocal about it for years, in the Subversion mailing lists.
