Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-3629

Mechanism to require use of encrypted password store (or none at all)

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: trunk
    • Fix Version/s: 1.10-consider
    • Component/s: libsvn_client
    • Labels:
      None

      Description

      As Subversion continues to gain traction within enterprise corporations, demands
      around its security consciousness grow.  One such demand has already bubbled up
      to the top of many companies' wishlists:  server-dictated policy that requires
      Subversion clients to either use an encrypted password store when caching
      credentials, or to not cache the credentials at all.
      
      Subversion makes use of encrypted stores on Windows and Mac by default, and can
      be compiled against GNOME or KDE libs on the Unixes to allow password caching
      via those OSes' keychain mechanisms.  But currently there is no way to require
      (by server-dictated policy) that a user take advantage of these encrypted
      stores.  And therein lies the complaint.
      

        Issue Links

          Activity

          Hide
          michael-o Michael Osipov added a comment -

          Just wanted to note for those who are reading this issue. I have published https://s.apache.org/svn-enterprise-auth to remedy this ssue.

          Show
          michael-o Michael Osipov added a comment - Just wanted to note for those who are reading this issue. I have published https://s.apache.org/svn-enterprise-auth to remedy this ssue.
          Hide
          michael-o Michael Osipov added a comment -

          For what it's worth: I have been using Subversion over HTTP with Kerberos for
          quite a long time now -- it is fully enterprise-ready. It works from Unix and
          Windows. I have been working with Ivan Zhakov and Lieven Govaerts on this.
          
          I haven't experienced any issues on Windows, Linux, FreeBSD with that.
          Moreover, I am preparinga guide how to make it all work with Subversion.
          
          Subversion over SASL with GSS-API is a problem (svn://). Subverion's SASL
          support needs to be improved first, second Cyrus SASL does not support SSPI on
          Windows. So one needs to write a SSPI plugin which implements the mechs GSSAPI
          and GSS-SPNEGO.
          
          Michael
          

          Show
          michael-o Michael Osipov added a comment - For what it's worth: I have been using Subversion over HTTP with Kerberos for quite a long time now -- it is fully enterprise-ready. It works from Unix and Windows. I have been working with Ivan Zhakov and Lieven Govaerts on this. I haven't experienced any issues on Windows, Linux, FreeBSD with that. Moreover, I am preparinga guide how to make it all work with Subversion. Subversion over SASL with GSS-API is a problem (svn://). Subverion's SASL support needs to be improved first, second Cyrus SASL does not support SSPI on Windows. So one needs to write a SSPI plugin which implements the mechs GSSAPI and GSS-SPNEGO. Michael
          Hide
          cmpilato C. Michael Pilato added a comment -

          I had to defer this work until post-1.8.  Hope to resume and completely for 1.9.
          

          Show
          cmpilato C. Michael Pilato added a comment - I had to defer this work until post-1.8. Hope to resume and completely for 1.9.
          Hide
          subversion-importer Subversion Importer added a comment -

          If you really don't want people to be able to save password, isn't the best answer to use GSSAPI and 
          something like Kerberos so that there is no password exchange between SVN and users?
          

          Original comment by buffyg

          Show
          subversion-importer Subversion Importer added a comment - If you really don't want people to be able to save password, isn't the best answer to use GSSAPI and something like Kerberos so that there is no password exchange between SVN and users? Original comment by buffyg
          Hide
          cmpilato C. Michael Pilato added a comment -

          This will necessarily depend on some framework for passing configuration
          requirements from server -> client.
          

          Show
          cmpilato C. Michael Pilato added a comment - This will necessarily depend on some framework for passing configuration requirements from server -> client.
          Hide
          cmpilato C. Michael Pilato added a comment -

          Of the many Subversion-using shops that have voiced this complaint to me
          directly, all of them understand that it's not possible to eliminate the
          possibility of a Subversion client using an un-encrypted store.  After all, our
          code is open source and a determined employee could tweak and compile their own
          client.  But those employees would be deemed to be in violation of company
          policy, which is generally handled in ways which are ... not so technical.  (In
          other words, the folks asking for this feature are only asking for Subversion to
          do the best it can possibly do by default and when not tampered with.)
          

          Show
          cmpilato C. Michael Pilato added a comment - Of the many Subversion-using shops that have voiced this complaint to me directly, all of them understand that it's not possible to eliminate the possibility of a Subversion client using an un-encrypted store. After all, our code is open source and a determined employee could tweak and compile their own client. But those employees would be deemed to be in violation of company policy, which is generally handled in ways which are ... not so technical. (In other words, the folks asking for this feature are only asking for Subversion to do the best it can possibly do by default and when not tampered with.)

            People

            • Assignee:
              Unassigned
              Reporter:
              cmpilato C. Michael Pilato
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Development