[CentOS] Unlocking gnome keyring on login

Mathieu Baudier mbaudier at argeo.org
Wed Jul 14 08:50:37 UTC 2010


> Just to let you know, I use the keyring to store passwords for a Subversion repository. The first time I use Subversion after logging in, I am asked for the password to unlock the keyring. Then everything goes fine, i.e. I'm not asked for the Subversion password.

Which version of Subversion are you using?

Just a thought: don't you think you should rather go for a
Subversion-specific mechanism to store the passwords / safely access
the repositories?

I can imagine that you are worried about the famous limitation that
SVN passwords are stored in plaintext on Linux:
http://help.collab.net/index.jsp?topic=/faq/cachepassword.html
http://www.linuxforu.com/previews/subversion-16-security-improvements-illustrated/

But maybe, if you control the SVN server config as well, you could
set up certificate-based auth in Apache (restricted to your clients'
IPs) without requiring the use of the actual password: your Linux client
setup would then be as safe as your Linux auth (since the certificates
would be protected in the .subversion of your users).

Another approach could be to use an svn+ssh:// access to your
repository for your server-side Linux users. The problem is that it
doesn't work well with parallel access. But if this is just to start a
build from time to time that may be enough...
(I hope your developers are not working on their code on a server from
the command line :)

I was just trying to think of another approach, in case it is only
for Subversion that you have to go through this pain.
It feels kind of wrong to use gnome-keyring on the server (I use it
with pam_keyring on my CentOS workstations, but you already tried
that).

Anyhow, I'm really interested in your effort, because I will have to
set up something similar soon.
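
The certificate-based setup suggested in the message above, sketched as an added example that is not part of the original post: the server demands a client certificate and limits source addresses, and the Subversion client points at its certificate instead of caching a password. The hostname, file paths, CA names, client network and the Apache 2.4 access-control syntax are all assumptions.

```conf
# --- Server side: Apache httpd with mod_ssl and mod_dav_svn ---------------
# Constructed example; every name, path and address below is a placeholder.
<VirtualHost *:443>
    ServerName svn.example.org
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/svn.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/svn.example.org.key

    # Only certificates issued by this CA are accepted from clients.
    # Use a CA dedicated to SVN clients, not a public CA bundle.
    SSLCACertificateFile  /etc/pki/tls/certs/svn-clients-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Location /repos>
        DAV svn
        SVNParentPath /var/lib/svn
        # Second factor from the message: restrict to the clients' IPs.
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>

# --- Client side: ~/.subversion/servers of the build user -----------------
# Constructed example; "builder" and the file names are placeholders.
[groups]
buildsrv = svn.example.org

[buildsrv]
# CA used to verify the server certificate.
ssl-authority-files = /home/builder/.subversion/svn-server-ca.crt
# PKCS#12 bundle holding the client certificate and private key.
ssl-client-cert-file = /home/builder/.subversion/builder.p12
# No ssl-client-cert-password is set: a passphrase-protected bundle will
# prompt on use. A bundle without a passphrase avoids the prompt but is then
# guarded only by file permissions, so keep the file and ~/.subversion
# readable by the owning user only (mode 0600 / 0700).
```

With this layout no repository password is stored on the client, so a compromise of the build account exposes one certificate that can be revoked at the CA rather than a reusable password.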


