I'm attempting to set up svnserve with SASL support on my Slackware 13.1 server and after some trial and error I'm able to get it to work with the configuration listed at the end of this post.

You'll notice that the output of sasldblistusers2 shows my test user as having both an encrypted cmusaslsecretOTP password as well as a plain text userPassword, i.e., if I were to run the command 'strings /etc/sasl2/my_sasldb' I would see the test user's password in plaintext. These two password entries were created with the following subversion-book recommended command:

    saslpasswd2 -c -f /etc/sasl2/my_sasldb -u myrepo test

After reading man saslpasswd2 I see the following option:

    "-n Don't set the plaintext userPassword property for the user. Only mechanism-specific secrets will be set (e.g. OTP, SRP)"

This is exactly what I want to do: suppress the plain text password and only use the mechanism-specific secret (OTP in my case). So I clear out /etc/sasl2/my_sasldb and rerun saslpasswd2 as:

    saslpasswd2 -n -c -f /etc/sasl2/my_sasldb -u myrepo test

I then follow it up with a sasldblistusers2 and I see:

    $ sasldblistusers2 -f /etc/sasl2/my_sasldb
    test@myrepo: cmusaslsecretOTP

Perfect! Now I have only encrypted passwords in my sasldb... only neither the Linux svn client nor the Windows TortoiseSVN client can connect to my repo anymore. They both present me with an endless loop of user/pass challenges. As soon as I rerun saslpasswd2 without the '-n' flag, everything works again.

So, what's the point of svnserve supporting SASL if my sasldb must store its passwords in plaintext to work?

Thanks,
-Sean

============CONFIGURATION================

-----------------------------
svnserve.conf
-----------------------------
[general]
anon-access = read
auth-access = write
realm = myrepo

[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256

-----------------------------
/etc/sasl2/svn.conf
-----------------------------
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasl2/my_sasldb
mech_list: DIGEST-MD5

-----------------------------
sasldb users
-----------------------------
$ sasldblistusers2 -f /etc/sasl2/my_sasldb
test@myrepo: cmusaslsecretOTP
test@myrepo: userPassword
