No-one else has anything to say about this problem? > Linedata Limited Registered Office: 85 Gracechurch St., London, EC3V 0AA Registered in England and Wales No 3475006 VAT Reg No 710 3140 03 -----Original Message----- > From: centos-bounces@xxxxxxxxxx > [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Mathieu Baudier > Sent: 14 July 2010 11:01 > To: CentOS mailing list > Subject: Re: Unloking gnome keyring on login > > Sorry, if I was not clear: I was just throwing ideas because > I will have soon to face a similar need. > I just wanted to explore if you could avoid using the > gnome-keyring at all. > I was not pretending to give you a direct solution for your pb. > > > Subversion is already set up correctly to use the keyring > mechanism to store the password. It works. But, the first > time I'm asked for the password to unlock the keyring. This > is what I am trying to avoid. I don't think this has anything > to do with Subversion. > > Yes, but you have to use gnome-keyring in the first place > because of this SVN password caching issue. > > > I'm not sure I understood you here. This way any user > coming from one of those IP will have access to the > repository? How would I know who it is though? > > You would have to issue certificates for the client. > Definitely not a good option for you if you have many users. > Could make sense if these are only "special" users such as > build processes who need to access the SVN repo. > > > We did start with svn:// access, about 5 years ago when we > started using Subversion, but we abandoned it in favour of > http://. Honestly, I don't remember what was the problem. > > svn+ssh:// is not (exactly) the same as svn:// > - svn:// access a svnserve daemon via the network > - svn+ssh:// is actually more like file:// (but safer), it > starts remotely an svnserve for each call and only for the > duration of this call, reuse the OS credential and access the > repository on the filesystem directly => it can be combined > with http:// and access the same repository, but again would > only work reasonably if there are not too many such accesses > => if your OS users are also managed by LDAP this could offer > you a consistent approach: in the end you would have the same > user names in subversion whether you access it one way or the other > > > What do you mean by "I hope your developers are not working > on their code on a server from the command line" ? > > I was just joking. Usually people develop from their workstation. > Although I have already seen some development being done > directly with vi on headless servers... > > > Most of the work is done on PC, so gnome-keyring is not > needed. But some work is done on the server, in personal > working copies, and therefore I need a mechanism to store > passwords. Because these are company passwords, I used LDAPS > to authenticate against the company AD, they need to be encrypted. > > If you PC are running Linux, then you have the same problem > (unencrypted password). > But I guess your users are on Windows PCs. > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos