我正在使用命令行 svn 客户端(版本 1.6.12,来自 Ubuntu 存储库),但我似乎无法让它缓存我的用户凭据。我正在尝试访问 https svn 存储库(类似于 https://subversion.FAKE.com/PROJECT 的内容)。我的此存储库的用户名与我的本地用户名不同。
这是 ~/.subversion/config 的 auth 部分
[auth]
### Set password stores used by Subversion. They should be
### delimited by spaces or commas. The order of values determines
### the order in which password stores are used.
### Valid password stores:
### gnome-keyring (Unix-like systems)
### kwallet (Unix-like systems)
### keychain (Mac OS X)
### windows-cryptoapi (Windows)
# password-stores = gnome-keyring
###
### The rest of this section in this file has been deprecated.
### Both 'store-passwords' and 'store-auth-creds' can now be
### specified in the 'servers' file in your config directory.
### Anything specified in this section is overridden by settings
### specified in the 'servers' file.
###
### Set store-passwords to 'no' to avoid storing passwords in the
### auth/ area of your config directory. It defaults to 'yes',
### but Subversion will never save your password to disk in
### plaintext unless you tell it to (see the 'servers' file).
### Note that this option only prevents saving of *new* passwords;
### it doesn't invalidate existing passwords. (To do that, remove
### the cache files by hand as described in the Subversion book.)
store-passwords = yes
### Set store-auth-creds to 'no' to avoid storing any subversion
### credentials in the auth/ area of your config directory.
### It defaults to 'yes'. Note that this option only prevents
### saving of *new* credentials; it doesn't invalidate existing
### caches. (To do that, remove the cache files by hand.)
store-auth-creds = yes
这是 ~/.subversion/servers 的全局部分
[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
# http-proxy-host = defaultproxy.whatever.com
# http-proxy-port = 7000
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem
#
# Password / passphrase caching parameters:
store-passwords = yes
store-plaintext-passwords = no
store-auth-creds = yes
# store-ssl-client-cert-pp = no
# store-ssl-client-cert-pp-plaintext = no
我所做的唯一更改是显式设置一些与存储密码相关的选项。我尝试设置password-stores = gnome-keyring但没有效果。此外,我删除了 ~/.subversion/auth (按照其他一些线程),但 svn 客户端仍然没有重新创建它。
有什么建议吗?我如何强制 SVN 存储我的凭据(在 ~/.subversion/auth 中或使用 gnome-keyring,我不在乎)。
你至少有三个选择
~/.subversion/config filepassword-stores = gnome-keyringstore-passwords = yes要以明文形式存储密码,请首先删除您的
~/.subversion$> cd <project directory>
$> svn update
Error validating server certificate for 'https://...':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: ...
- Valid: ...
- Issuer: ...
- Fingerprint: ...
(R)eject, accept (t)emporarily or accept (p)ermanently? p
Password for 'your username': secret
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<https://...> ...
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/.../.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
注意!!!这将以明文形式保存您的密码(非常不安全),但它也会缓存您的密码,因此您不必每次都输入密码。最终密码以明文形式存储在
~/.subversion/auth/svn.simple/如果提到的所有选项均设置正确,则 svn 客户端可能由于权限原因而无法写入凭据文件。我发现这个线程遇到了相同的行为,权限就是解决方案。
对于回到这个问题的人;
在类似 Linux 的系统上,在 1.12 及更高版本上编译时会禁用纯文本密码的存储。
要强制启用它(同时了解安全隐患),您可以执行以下操作:
在 ~/.subversion/servers 文件中,您可以使用以下命令启用凭据存储:
商店验证信用=是
然后您可以运行 apache python 脚本来强制将您的凭据以明文形式保存在缓存中: apache faq.html#plaintext-passwords
subversion 的配置文件存在于用户区(你的主目录 ~/.subversion)和系统区(/etc/subversion),参见 http://svnbook.red-bean.com/en/1.1/ch07.html #svn-ch-7-sect-1.1。如果您有管理员权限,可以从系统文件中复制“config”和“servers”文件或直接编辑它们。
最简单但不安全的解决方案是让 Subversion 将凭据缓存在纯文件中。为此,只需设置
store-passwords = yes使用 gnome-keyring 存储密码可能不起作用,因为该工具尚未安装,或者
gnome-keyring-daemon不确定您是否仍在此处寻找答案;但选项“ssl-client-cert-password”可能就是您正在寻找的选项。
ssl-client-cert-password=<password>
不知道这个问题是否已经解决,但是你尝试过添加吗
password-stores =
到你的“配置”文件?
在您的配置中有一个选项
store-plaintext-passwords = no要恢复到 1.6 之前的行为,您可以将该值更改为
yes