SVN: svn can't read nor write cached credentials by using windows-cryptoapi
44 views
Skip to first unread message
Dirk Hasselmann
Jun 30, 2016, 6:58:40 AM6/30/16
to jenkins...@googlegroups.com
We use as client windows 7, cygwin with
SSHD, Jenkin: 1.642 and Windows slave: 2.53.2 via SSH.
In case we want to access to SVN while processing a build step we use svn.exe (CollabNet client) to access our SVN.
To logon we can't use the cached credentials and use secret text as work around.
But under special circumstances we need to have the access to the cached credentials.
I figured out that the write and read of the password is just possible when we configure the svn client in the following way:
config file servers:
store-passwords = yes
store-ssl-client-cert-pp = yes
store-plaintext-passwords = yes
store-ssl-client-cert-pp-plaintext = yes
If we use the default settings for windows and call svn without option --no-auth-cache then the credentials will be stored but the password part inside Subversion\auth\svn.simple\123465789 is empty.
The svn client inside cygwin behave in the absolute same way.
If we use the default setting of the svn client and we use for the Jenkins client Java Web Start then the same client store and read credentials by using windows-cryptoapi/wincrypt. The same success (read/write windows-cryptoapi/wincrypt) is when I logged on manually per ssh to the client and interact to the SVN server.
Just the access per Jenkins via SSH is different and just possible by using plain text to store an read the password for svn command line client like Unix/Linux would do.
I got therefore the impression that the svn.exe can not recognize that this present shell (logon per Jenkins SSH) is a windows based shell. The compare of the environment variables of these two environments (Java Webstart vs. SSH) doesn't give a successful hint to me.
What is the different between Java Webstart and SSHD client start from Jenkins point of view?
or
What can I do to make svn believe that it can use the windows crypt environment?
Kind regards
Dirk Hasselmann
..............................................................................
Confidentiality Notice
The information contained in this Email, and any attachments, is intended for the named recipients only. It may contain confidential and/or legally privileged information. If you are not the intended recipient, you must not copy, store, distribute or take any action in reliance on it. Any views expressed do not necessarily reflect the views of the company.
If you receive this Email by mistake, please advise the sender by using the reply facility in your Email software and then delete it.
.............................................................................
In case we want to access to SVN while processing a build step we use svn.exe (CollabNet client) to access our SVN.
To logon we can't use the cached credentials and use secret text as work around.
But under special circumstances we need to have the access to the cached credentials.
I figured out that the write and read of the password is just possible when we configure the svn client in the following way:
config file servers:
store-passwords = yes
store-ssl-client-cert-pp = yes
store-plaintext-passwords = yes
store-ssl-client-cert-pp-plaintext = yes
If we use the default settings for windows and call svn without option --no-auth-cache then the credentials will be stored but the password part inside Subversion\auth\svn.simple\123465789 is empty.
The svn client inside cygwin behave in the absolute same way.
If we use the default setting of the svn client and we use for the Jenkins client Java Web Start then the same client store and read credentials by using windows-cryptoapi/wincrypt. The same success (read/write windows-cryptoapi/wincrypt) is when I logged on manually per ssh to the client and interact to the SVN server.
Just the access per Jenkins via SSH is different and just possible by using plain text to store an read the password for svn command line client like Unix/Linux would do.
I got therefore the impression that the svn.exe can not recognize that this present shell (logon per Jenkins SSH) is a windows based shell. The compare of the environment variables of these two environments (Java Webstart vs. SSH) doesn't give a successful hint to me.
What is the different between Java Webstart and SSHD client start from Jenkins point of view?
or
What can I do to make svn believe that it can use the windows crypt environment?
Kind regards
Dirk Hasselmann
..............................................................................
Confidentiality Notice
The information contained in this Email, and any attachments, is intended for the named recipients only. It may contain confidential and/or legally privileged information. If you are not the intended recipient, you must not copy, store, distribute or take any action in reliance on it. Any views expressed do not necessarily reflect the views of the company.
If you receive this Email by mistake, please advise the sender by using the reply facility in your Email software and then delete it.
.............................................................................
Reply all
Reply to author
Forward
0 new messages