How does password expiration with a hosted Subversion (svn) repository work?

2
votes

I just uploaded my local svn file repository to an svn host. I notice that when checking out the code to my local (Linux) computer I have to provide my username and password (as expected) but subsequent operations (checkout, commit, log, etc.) does not require any authentication, so I take it that after initial login I stay logged in for some time.

My questions related to this are:

  1. How long do I stay logged in like this?

  2. What would trigger my access to the repository to expire?

  3. Can I manage the expiration time, and if so, is it done server side, or in my local subversion configuration?

I'm running svn 1.7.9 on Ubuntu 13.10 Linux.

Thanks!

1
linuxsvnauthenticationpasswordsrepository

1 Answers

2
votes

1) How long do I stay logged in like this?

You are not logged in. Your authentication tokens are saved somewhere under ~/.subversion/auth.

2) What would trigger my access to the repository to expire?

If you remove the file under ~/.subversion/auth which stores your password for the particular repository, then you will have to reenter the password again.

3) Can I manage the expiration time, and if so, is it done server side, or in my local subversion configuration?

That really depends on how authentication is configured on the server side.

Btw, you can prevent Subversion from saving your authentication tokens if you checkout using --no-auth-cache.

UPDATE

There is a lot more to this, as @BenReser points out:

Realize that the password is not necessarily stored under ~/.subversion/auth. We support a variety of platform specific credential storage (Windows Crypto API, OS X Keychain) and even in 1.8 GPG Agent. The GPG Agent case would behave somewhat like what he's envisioning, where the password is cached only for a certain amount of time, which he could configure. There is also NTLM/Kerberos support that may behave like a single sign on as well. So frankly it's really hard to answer this question without more details about his configuration.