VisualSVN Server password change

Tim Long picture Tim Long · Dec 4, 2010 · Viewed 10.2k times · Source

Has anyone come up with a way to allow remote users to change their own passwords in VisualSVN server? We have it running in 'stand-alone' (non-ActiveDirectory) mode and the only down side that I've found to this excellent product is that users can't set or change their passwords.

It's something I can live with, but the security implications of passwords that never change are well known. I'm sure it must be possible to add the functionality, but I'm not the least bit talented in any of the technologies used by VisualSVN - so just wondering if anyone has done it?

UPDATE 2010-12-21

I've decided to have a bash at implementing this myself. First obstacle, with which I'd appreciate some help, is the password encryption. I've found that VisualSVN has a password file, called htpasswd which has a list of users in the following format:

JoePublic:$apr1$lpq$kF8nZjjuFxgJBExK8ruf20

JoePublic is the username, I presume the colon is a delimiter and the rest is some sort of password hash. The actual password used in this case was ForgetMeNot.

This doesn't seem to be an MD5 or SHA hash, but I'm not very worldly wise in this area, so it may well be. Given the information above, can anyone deduce the algorithm being used?

Answer

Samuel Neff picture Samuel Neff · Dec 4, 2010

If you need that functionality then you'll need to integrate with Active Directory, which is really a good idea anyways so users don't have to manage multiple separate passwords.