On Fri, Jun 10, 2011 at 6:26 PM, Geoff Hoffman <ghoff...@cardinalpath.com> wrote: > I posted about this on the Ubuntu forums but thus far nobody has replied. > When SSH'd into the box and using svn operations, I'm getting the dastardly > warning about my password is going to get stored to disk unencrypted. > I read about Subversion 1.6 security changes. > I read about Subversion 1.6 on Ubuntu Server over at superuser.com. > I read about gnome-keyring over at stackoverflow. > I've been doing a lot of reading on it. > I have done the following: > * installed gnome-keyring > *edited my ~/.subversion/config to turn > password-stores = gnome-keyring > edited my ~/.subversion/servers to > store-passwords = yes > store-plaintext-passwords = no > Thing is, I'm not using any GUI so it's still not working. Should I try > encfs ? > I read another post about a tool from CollabNet called keyring_tool but I > don't have it on this system. Where do I get that? I've never run into these > issues before (new distro, new svn version). > Any additional insight would be very much appreciated.
I have *never* gotten the gnome keyrings working well with Subversion. I'm afraid there are a lot of subtly distinct implementations of the necessary toolchain out therem abd the lot of them tend to be pretty fragile. Frankly, I find it more effective, and safer, to use SSH keys and a key agent as necessary, with a key specifically dedicated to the SVN access. This can be mandated with "SVN_SSH='ssh -l username -i keyname'" to avoid using other keys. The stored SSH public keys on the remote server can even be set to restrict access to only svnserve tunneling, even to read-only access. Coupled with the kind of single svn user account setup described in passing in the "Red Book", it's a better security model than giving all SVN clients shell access to the server.
