Can't make SVN store passwords, even though the configuration is set to allow it

With recent versions of Subversion (~ 1.8) you can configure password caching via $HOME/.subversion/servers:

[global]
store-passwords = yes
store-plaintext-passwords = yes

But depending on your system this may be not enough. If it is not, make sure that $HOME/.subversion/config contains:

[auth]
password-stores =

Which means that the variable password-stores is explicitly set to the empty string (background is that svn now contains support for some key-agent tools - and the interfacing to the default configured ones may be fragile - resulting in silent ignoring of the above options and non-caching behaviour).

When using svn for the first time, the hierachy $HOME/.subversion is created after the first svn operation - e.g. when doing the first checkout. Subversion creates then the mentioned files and fills them with the most important options - commented out, including some documentation.

Thus, it also makes sense to move an old $HOME/.subversion directory away to have a well-defined starting point.

Another pitfall are permissions - i.e. files which are not readable under $HOME/.subversion - but this should not often be the problem, because when svn creates them, it takes care of the right permissions (e.g. the auth directory is only readable by the user then, not by the group/all, independent of the configured umask).


I would like to submit a detailed answer in case it helps someone in future.

Subversion 1.6 and later will cache your username and password by default however it will not cache the passwords in plaintext unless you explicitly allow it via the command line or by changing the Subversion configuration.

If you checked out a working copy using the --username and --password options you will see the following message:

-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:

<https://subversion.assembla.com:443> Assembla Restricted Area

can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'~/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)?


So as mentioned in the message, subversion will only save the password unencrypted if you enter 'yes'. If you do so then you should not need to add the --username or --password options when performing svn commands in future.

However, if you prefer not to see this prompt at all you can change the global configuration for your Subversion client by changing the configuration file called "server" on your local machine. It is stored here:

~/.subversion/server

You will need to add the following lines to the "server" file:

[global]
store-plaintext-passwords = yes

With this change, you only need to perform an svn command using the --username and --password options once. Then Subversion will automatically save your credentials without the above prompt.

For more information on disabling this warning about caching passwords in plain text see the Subversion 1.6 Security Improvements blog post.


I ran into this same issue, and believe I set all the appropriate configs in .subversion/servers and .subversion/config, too, tried removing .subversion/auth, etc., but to no avail.

I ended up saving the credentials by moving the .subversion directory (or removing it would work too) and running svn co. I got the following message:

-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

   <http://sweeney:80> Subversion repository

can only be stored to disk unencrypted!  You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible.  See the documentation for details.

You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/davids/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)?

I typed yes, and then got the same message. Stubbornly, I typed yes again. Now my password seems to be saved.

Somewhat surprisingly, looking at the configs in .subversion, none of the settings are uncommented; they're all set to the defaults, so I imagine I would have to answer this warning twice to save a password for a different server in the future.

Hope this helps.

Tags:

Svn

Recent Posts