> Read the documentation for HTTP status code 302 or 307. Subversion > handles redirects.
Sure, but for the embedded-token-in-url scheme to work, it would need to redirect not only the current URI but all the subsequent requests, too - for each individual file it downloads etc. That is, the server would have to make the client use a different *base* URL for all the requests after the first one, which I don't think is possible? > Of course, embedding authn tokens in the URL, where they're exposed > before the SSL handshake (and will typically end up in server logs, too) > is hardly secure. I thought the URI is only passed to the server after SSL connection is established - as in HTTP over SSL over IP. Anyway, the URI scheme idea was more or less my desperate last option. :) I'd obviously prefer custom authentication headers (unless the Kerberos crash bug, where ever it is, is fixed first). -Jarno
