Apache HTTPD can also be tied to Kerberos authentication. Can mod_dav_svn play nicely with Kerberos-based, single-sign-on environments?
In that case, though, the UNIX/Linux clients store the passwords in plain text, locally, by default. TortoiseSVN handles them more securely, and tools like the GNOME and KDE wallets keep the passwords more securely, but it's hard to force clients to use those. One alternative is to use svn+ssh: that takes more work to set up, and to manage SSH keys on the server side, and I've still seen no well-integrated key management tool. But it's precisely what SourceForge uses for Subversion access.

On Fri, Jan 24, 2014 at 8:17 AM, Stefan Sperling <s...@elego.de> wrote:
> On Thu, Jan 23, 2014 at 10:43:55PM +0100, Anselm Arndt wrote:
>> Oh sorry,
>> it is a svnserve server setup.
>> I am not a svn expert.
>> I am able to manage the users (with their rights) and to create new
>> repositories.
>> But now I was asked to store the passwords not in clear text in the passwd.
>
> svnserve uses CRAM-MD5 authentication, which requires both parties
> to know the plaintext. The password is a shared secret.
>
> If you want something better, you can either try setting up svnserve
> with Cyrus-SASL, or switch to Apache HTTPD and use, for instance,
> digest authentication which saves hashes of passwords to disk.
>
> See here:
> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl
> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.digest
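The difference between the two schemes mentioned in the quoted reply, as an added example that is not part of the original thread and is not Subversion's or Apache's own code: CRAM-MD5 verification only works when the server holds the plaintext, while HTTP digest verification works from the stored MD5(user:realm:password) value. The user name, realm, password, challenge, nonce and URI are constructed sample values.

```python
import hashlib
import hmac

def cram_md5_response(password: str, challenge: bytes) -> str:
    """CRAM-MD5 (RFC 2195) client proof: HMAC-MD5 keyed with the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def cram_md5_verify(stored_secret: str, challenge: bytes, response: str) -> bool:
    """Server recomputes the same HMAC, so stored_secret must be the plaintext."""
    return hmac.compare_digest(cram_md5_response(stored_secret, challenge), response)

def htdigest_ha1(user: str, realm: str, password: str) -> str:
    """What HTTP digest auth keeps on disk: MD5(user:realm:password)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()

def digest_verify(stored_ha1: str, method: str, uri: str, nonce: str, response: str) -> bool:
    """Server check needs only the stored HA1, never the plaintext."""
    return hmac.compare_digest(digest_response(stored_ha1, method, uri, nonce), response)

def demo() -> dict:
    # Constructed sample values, not taken from any real server.
    user, realm, password = "alice", "Example SVN", "s3cret-pass"
    challenge = b"<1234.5678@svn.example.invalid>"
    nonce, method, uri = "constructed-nonce", "OPTIONS", "/svn/repo"

    proof = cram_md5_response(password, challenge)        # sent by the client
    hashed = hashlib.md5(password.encode()).hexdigest()   # a hash-only passwd entry
    ha1 = htdigest_ha1(user, realm, password)             # the htdigest file entry
    client = digest_response(htdigest_ha1(user, realm, password), method, uri, nonce)
    return {
        "cram_with_plaintext": cram_md5_verify(password, challenge, proof),
        "cram_with_hash_only": cram_md5_verify(hashed, challenge, proof),
        "digest_with_ha1_only": digest_verify(ha1, method, uri, nonce, client),
        "ha1_on_disk": ha1,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored HA1 value is not the plaintext, but it is all the server needs to check a response for that realm, so the digest file still needs restrictive file permissions.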