Setup SASL2 with SVN
Sasl makes your passwords encrypted and also encrypts the connection between the SVN server and the client. Basically a good idea to setup for SVN servers on the internet. The example below is based on the linux install on a DS1511+ Synology NAS. In a previous article I describe how to setup SVN. Also one article is about how to use the post-commit triggers of SVN.
Now let’s start setting up SASL for SVN!
ipkg install cyrus-sasl
bash-3.2# cat svnserve.conf
[general]
anon-access = none
auth-access = write
# password-db = passwd
# authz-db = authz
realm = MyRealm
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256 Use the same realm else it wont work!
Create users with saslpasswd2 saslpasswd2 -c -f /opt/etc/svnsasldb -u MyRealm <username> Make it accessible and readable by the svnserve
chown svnowner:root svnsasldb vi /opt/lib/sasl2/svn.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGEST-MD5
sasldb_path: /opt/etc/svnsasldb
ipkg install cyrus-sasl
bash-3.2# cat svnserve.conf
[general]
anon-access = none
auth-access = write
# password-db = passwd
# authz-db = authz
realm = MyRealm
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256 Use the same realm else it wont work!
Create users with saslpasswd2 saslpasswd2 -c -f /opt/etc/svnsasldb -u MyRealm <username> Make it accessible and readable by the svnserve
chown svnowner:root svnsasldb vi /opt/lib/sasl2/svn.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGEST-MD5
sasldb_path: /opt/etc/svnsasldb
That’s all!.
Beware that the svn on OSX 10.7 does not support DIGEST-MD5 + encryption. Eclipse however will do fine and so will a lot of other SVN software