No-one else has anything to say about this problem?
Linedata Limited Registered Office: 85 Gracechurch St., London, EC3V 0AA Registered in England and Wales No 3475006 VAT Reg No 710 3140 03
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Mathieu Baudier Sent: 14 July 2010 11:01 To: CentOS mailing list Subject: Re: [CentOS] Unloking gnome keyring on login
Sorry, if I was not clear: I was just throwing ideas because I will have soon to face a similar need. I just wanted to explore if you could avoid using the gnome-keyring at all. I was not pretending to give you a direct solution for your pb.
Subversion is already set up correctly to use the keyring
mechanism to store the password. It works. But, the first time I'm asked for the password to unlock the keyring. This is what I am trying to avoid. I don't think this has anything to do with Subversion.
Yes, but you have to use gnome-keyring in the first place because of this SVN password caching issue.
I'm not sure I understood you here. This way any user
coming from one of those IP will have access to the repository? How would I know who it is though?
You would have to issue certificates for the client. Definitely not a good option for you if you have many users. Could make sense if these are only "special" users such as build processes who need to access the SVN repo.
We did start with svn:// access, about 5 years ago when we
started using Subversion, but we abandoned it in favour of http://. Honestly, I don't remember what was the problem.
svn+ssh:// is not (exactly) the same as svn://
- svn:// access a svnserve daemon via the network
- svn+ssh:// is actually more like file:// (but safer), it
starts remotely an svnserve for each call and only for the duration of this call, reuse the OS credential and access the repository on the filesystem directly => it can be combined with http:// and access the same repository, but again would only work reasonably if there are not too many such accesses => if your OS users are also managed by LDAP this could offer you a consistent approach: in the end you would have the same user names in subversion whether you access it one way or the other
What do you mean by "I hope your developers are not working
on their code on a server from the command line" ?
I was just joking. Usually people develop from their workstation. Although I have already seen some development being done directly with vi on headless servers...
Most of the work is done on PC, so gnome-keyring is not
needed. But some work is done on the server, in personal working copies, and therefore I need a mechanism to store passwords. Because these are company passwords, I used LDAPS to authenticate against the company AD, they need to be encrypted.
If you PC are running Linux, then you have the same problem (unencrypted password). But I guess your users are on Windows PCs. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos