On Wed, Jan 26, 2011 at 07:08:55PM -0700, Donner, Sean P wrote:
> > It's because of how CramMD5 works.
> >
> > "The server needs access to the users' plain text passwords."
> > http://en.wikipedia.org/wiki/CRAM-MD5
> >
> > Stefan
> 
> Perhaps I'm wrong, but I was under the impression that the 1.6.x version of
> 'svnserve' natively supports CRAM-MD5; meaning you *don't* need to set
> 'use-sasl = true' to get this functionality.

That's correct. But you can still configure SASL to do CRAM-MD5.
So there might be a bug in svn.
Maybe it still assumes that plaintext passwords will always be present.

> So my original question stands as
> to what SASL is buying us when it still requires plain-text passwords to be
> stored on the server?

Unfortunately the SASL stuff is not being maintained very actively.
The developers who wrote it aren't active anymore.
There are a couple of outstanding issues (some with half-done patches
floating around) that haven't been addressed due to lack of interest
and resources.

So if you want to help out with investigating this problem more closely
and possibly also help with fixing this, the Subversion project would
be grateful.

Stefan
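
Added example, not part of the original message and not Subversion's code: the CRAM-MD5 exchange discussed above, showing why the server can check a response only if it holds the same secret the client keyed the HMAC with. The challenge, user and password are the RFC 2195 sample values; the salted SHA-256 storage layout is a hypothetical stand-in for any one-way password hash.

```python
import hashlib
import hmac

# RFC 2195 sample values, used here as constructed test input.
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
USER, PASSWORD = "tim", "tanstaaftanstaaf"

def cram_md5_digest(secret: bytes, challenge: str) -> str:
    """HMAC-MD5 keyed with the shared secret over the server's challenge."""
    return hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()

def client_response(user, password, challenge):
    """What the client sends back: 'user <hex digest>'."""
    return "%s %s" % (user, cram_md5_digest(password.encode(), challenge))

def verify_with_plaintext(password_db, challenge, response):
    """Server side when the password file holds plaintext passwords."""
    user, _, digest = response.rpartition(" ")
    stored = password_db.get(user)
    if stored is None:
        return False
    expected = cram_md5_digest(stored.encode(), challenge)
    return hmac.compare_digest(expected, digest)

def verify_with_hash_only(hash_db, challenge, response):
    """Server side when only a salted one-way hash is stored (hypothetical).
    The HMAC key cannot be recovered from the hash, so the closest the server
    can do is key the HMAC with the stored hash, which never matches."""
    user, _, digest = response.rpartition(" ")
    entry = hash_db.get(user)
    if entry is None:
        return False
    _salt, stored_hash = entry
    expected = cram_md5_digest(stored_hash, challenge)
    return hmac.compare_digest(expected, digest)

def demo():
    """Run one exchange against both storage layouts."""
    response = client_response(USER, PASSWORD, CHALLENGE)
    plaintext_db = {USER: PASSWORD}
    salt = b"constructed-salt"
    hash_db = {USER: (salt, hashlib.sha256(salt + PASSWORD.encode()).digest())}
    return (response,
            verify_with_plaintext(plaintext_db, CHALLENGE, response),
            verify_with_hash_only(hash_db, CHALLENGE, response))

if __name__ == "__main__":
    print(demo())
```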
