SVN won't cache credentials

svn credentials
joek1010 picture joek1010 · Feb 21, 2011 · Viewed 25.1k times · Source

I'm using the commandline svn client (version 1.6.12, from the Ubuntu repos) and I can't seem to get it to cache my user credentials. I'm trying to access an https svn repository (something along the lines of https://subversion.FAKE.com/PROJECT). My username for this repo is different from my local username.

Here's the auth section of ~/.subversion/config

[auth]
### Set password stores used by Subversion. They should be
### delimited by spaces or commas. The order of values determines
### the order in which password stores are used.
### Valid password stores:
###   gnome-keyring        (Unix-like systems)
###   kwallet              (Unix-like systems)
###   keychain             (Mac OS X)
###   windows-cryptoapi    (Windows)
# password-stores = gnome-keyring
### 
### The rest of this section in this file has been deprecated.
### Both 'store-passwords' and 'store-auth-creds' can now be
### specified in the 'servers' file in your config directory.
### Anything specified in this section is overridden by settings
### specified in the 'servers' file.
### 
### Set store-passwords to 'no' to avoid storing passwords in the 
### auth/ area of your config directory.  It defaults to 'yes',
### but Subversion will never save your password to disk in
### plaintext unless you tell it to (see the 'servers' file).
### Note that this option only prevents saving of *new* passwords;
### it doesn't invalidate existing passwords.  (To do that, remove
### the cache files by hand as described in the Subversion book.)
store-passwords = yes 
### Set store-auth-creds to 'no' to avoid storing any subversion
### credentials in the auth/ area of your config directory.
### It defaults to 'yes'.  Note that this option only prevents
### saving of *new* credentials;  it doesn't invalidate existing
### caches.  (To do that, remove the cache files by hand.)
store-auth-creds = yes

And here's the global section of ~/.subversion/servers

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
# http-proxy-host = defaultproxy.whatever.com
# http-proxy-port = 7000
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem
#
# Password / passphrase caching parameters:
store-passwords = yes
store-plaintext-passwords = no
store-auth-creds = yes
# store-ssl-client-cert-pp = no
# store-ssl-client-cert-pp-plaintext = no

The only changes I've made are to explicitly set a few options related to storing passwords. I've tried setting password-stores = gnome-keyring with no effect. Additionally, I deleted ~/.subversion/auth (as per some other threads) and it still hasn't been recreated by the svn client.

Any suggestions? How can I force SVN to store my credentials (either in ~/.subversion/auth or using the gnome-keyring, I don't care).

Answer

cyber-monk picture cyber-monk · Nov 30, 2011

You have at least three choices

  1. Setup ssh with no passwords (try this example)
  2. Use the gnome-keyring (google search for 'svn gnome keyring password'). This typically boils down to editing your ~/.subversion/config file (password-stores = gnome-keyring and store-passwords = yes).
  3. Store the password in plaintext.

To store the password in plaintext, first delete your ~/.subversion directory. This will delete any previously configured items such as server certs you've already accepted and any previously cached passwords. The next time svn is run it will recreate a 'blank' directory structure. Then run the svn command against your repository. You should see something similar to the following:

$> cd <project directory>
$> svn update
Error validating server certificate for 'https://...':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: ...
 - Valid: ...
 - Issuer: ...
 - Fingerprint: ...
(R)eject, accept (t)emporarily or accept (p)ermanently? p
Password for 'your username': secret
-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

  <https://...> ...

can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/.../.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes

NOTE!!! This will save your password in plaintext (quite unsecure) but it will also cache your password so you don't have to type it every time. Ultimately the password is stored in plaintext in ~/.subversion/auth/svn.simple/.

Related questions

SVN change username

I found a lot of examples on how to change the username for specific revisions and so on. But what I need is this: I did a checkout with the authentication credentials of a workmate and need to change it …

Read More
Jenkins Subversion Error - E200015: No credential to try. Authentication failed

I've updated the Subversion plugin of jenkins to version 2.2 Now i get following error for repos which build the first time after the upgrade and for repos where something within an external changed. It works for all other builds as …

Read More
Jenkins & caching of SVN Credentials

Like a lot of people I am banging my head (again) against Jenkins and the subversion plugin. Authenication through the website (enter credentials) fails on authentication. Funny, since I can access svn with the same credentials. I have deleted: $HOME/.…

Read More