Mailing List Archive

>> +In order to commit for the first time you will need to update your
>> +password. To do that, log in to svn.apache.org and run the command
>> "svnpasswd":
>
>
> Eh? ssh keys don't work with svn?

svnpasswd is in the documents everywhere, from geronimo to
http://www.apache.org/dev/version-control.html. my ssh key allowed me to
log in to svn.apache.org without a password, but was insufficient to allow
me to commit anything.

IIRC there is no way around svnpasswd - if you could commit you might have
done it before?

--Geoff


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org

Philippe M. Chiasson wrote:
> Stas Bekman wrote:
>
>> geoff@apache.org wrote:
>>
>>> - % cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic co
>>> modperl-2.0
>>> +In order to commit for the first time you will need to update your
>>> +password. To do that, log in to svn.apache.org and run the command
>>> "svnpasswd":
>>
>>
>>
>> Eh? ssh keys don't work with svn?
>
>
> Nope, svn works over https instead. SVN does support an ssh-tunneled
> mode, but the
> people on infrastructure@apache.org prefer https access over it. It will
> only ask for your
> password once (caching it in your ~/.svn/ dir a bit like cvs pserver
> used to do)

Hmm, the password is stored in clear text :( that sucks.

Thanks Philippe!

--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org

Philippe M. Chiasson wrote:
[...]
>>>> Eh? ssh keys don't work with svn?
>>>
>>> Nope, svn works over https instead. SVN does support an ssh-tunneled
>>> mode, but the
>>> people on infrastructure@apache.org prefer https access over it. It
>>> will only ask for your
>>> password once (caching it in your ~/.svn/ dir a bit like cvs pserver
>>> used to do)
>>
>> Hmm, the password is stored in clear text :( that sucks.
>
> Yeah, it sucks++ and it's a major issue I have with https+svn. But it's
> only going to get worste
> once we move over to ssl client certificate authentication ... The only
> thing needed is the same
> thing as ssh-agent, but for ssl keys.

Why is it worse?

> In the meantime, you can also tell svn _never_ to store passwords and
> type it every time. That's
> what I do.

No, thank you.

--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org

Philippe M. Chiasson wrote:
> Stas Bekman wrote:
>
>> Philippe M. Chiasson wrote:
>> [...]
>>
>>>
>>> Yeah, it sucks++ and it's a major issue I have with https+svn. But
>>> it's only going to get worste
>>> once we move over to ssl client certificate authentication ... The
>>> only thing needed is the same
>>> thing as ssh-agent, but for ssl keys.
>>
>>
>>
>> Why is it worse?
>
>
> Because then you'd _really_ need to type password every time you
> update/checkin, etc.

But you said that ssh-agent like thing resolves it. Are you saying that
there is no such thing?


--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org

On Fri, 19 Nov 2004 17:09:45 -0500
Stas Bekman <stas@stason.org> wrote:

> Philippe M. Chiasson wrote:
> [...]
> >>>> Eh? ssh keys don't work with svn?
> >>>
> >>> Nope, svn works over https instead. SVN does support an
> >ssh-tunneled >> mode, but the
> >>> people on infrastructure@apache.org prefer https access over it.
> >It >> will only ask for your
> >>> password once (caching it in your ~/.svn/ dir a bit like cvs
> >pserver >> used to do)
> >>
> >> Hmm, the password is stored in clear text :( that sucks.
> >
> > Yeah, it sucks++ and it's a major issue I have with https+svn. But
> > it's only going to get worste
> > once we move over to ssl client certificate authentication ... The
> > only thing needed is the same
> > thing as ssh-agent, but for ssl keys.
>
> Why is it worse?

I'm surprised they want to use https+svn since I've found ssh+svn to
be much faster and less resource intensive on the box.

I'm sure however that the administration of https+svn is probably
less than ssh+svn since it doesn't require Unix users, keys, etc.

---------------------------------
Frank Wiles <frank@wiles.org>
http://www.wiles.org
---------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org

Frank Wiles wrote:

>On Fri, 19 Nov 2004 17:09:45 -0500
>Stas Bekman <stas@stason.org> wrote:
>
>
>
>>Philippe M. Chiasson wrote:
>>[...]
>>
>>
>>>Yeah, it sucks++ and it's a major issue I have with https+svn. But
>>>it's only going to get worste
>>>once we move over to ssl client certificate authentication ... The
>>>only thing needed is the same
>>>thing as ssh-agent, but for ssl keys.
>>>
>>>
>>Why is it worse?
>> I'm surprised they want to use https+svn since I've found ssh+svn to
>> be much faster and less resource intensive on the box.
>>
>>
That's indeed the case.

>> I'm sure however that the administration of https+svn is probably
>> less than ssh+svn since it doesn't require Unix users, keys, etc.
>>
>>
Bingo! Right on. I was talking to infra folks and they are looking into
the future and administering
1000+ unix users with shell accounts is much much more complex than if
these 1000 accounts are
all confined within the realm of a htaccess file ;-)

Stas Bekman wrote:

> Philippe M. Chiasson wrote:
>
>> Stas Bekman wrote:
>>
>>> Philippe M. Chiasson wrote:
>>> [...]
>>>
>>>> Yeah, it sucks++ and it's a major issue I have with https+svn. But
>>>> it's only going to get worste
>>>> once we move over to ssl client certificate authentication ... The
>>>> only thing needed is the same
>>>> thing as ssh-agent, but for ssl keys.
>>>
>>> Why is it worse?
>>
>> Because then you'd _really_ need to type password every time you
>> update/checkin, etc.
>
> But you said that ssh-agent like thing resolves it. Are you saying
> that there is no such thing?

No such thing indeed. All in all, these things are in the hands of the
infrastructure folks at apache.org
and we'll have to wait and see what they setup in the future.

Gozer.

On Fri, 19 Nov 2004 14:29:43 -0800
"Philippe M. Chiasson" <gozer@ectoplasm.org> wrote:

> Bingo! Right on. I was talking to infra folks and they are looking
> into the future and administering
> 1000+ unix users with shell accounts is much much more complex than if
>
> these 1000 accounts are
> all confined within the realm of a htaccess file ;-)

Yeah, but these days with PAM and other nifty utilities you can get
rid of the actual accounts, store them in a SQL database, etc. and
mitigate the headache a ton.

But I can understand their reluctance as I believe the SVN docs
specifically say that svn+https is the only method they really focus
on.

---------------------------------
Frank Wiles <frank@wiles.org>
http://www.wiles.org
---------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-dev-unsubscribe@perl.apache.org
For additional commands, e-mail: docs-dev-help@perl.apache.org