Tortoise SVN Using old password or no password after password change


marku...@gothaer-systems.de

Jan 16, 2015, 7:36:19 AM
to us...@tortoisesvn.tigris.org
Hi,
I have the following issue and it is easy to create:
I have saved the password for an existing SVN repository accessed via HTTPS.
I change the password for the repository (on the server).
When trying to browse the repository after the password change I enter the same userid and the new password, but I do not set the save password checkbox and the following happens:
In Apache access.log I can see several 401 response codes:
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014/PaScha HTTP/1.1" 207 777
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 273
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014/PaScha HTTP/1.1" 207 777
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014/PaScha HTTP/1.1" 207 1060
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps HTTP/1.1" 207 657
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 775
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 16968
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps HTTP/1.1" 207 657
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 331
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 1261
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps HTTP/1.1" 207 657
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1" 207 412
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bln/13014 HTTP/1.1" 207 471
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 775
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "REPORT /transfer/apps HTTP/1.1" 200 112
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/bc/13014 HTTP/1.1" 207 43758
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 97
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps HTTP/1.1" 207 657
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/!svn/vcc/default HTTP/1.1
..... several more ...

In error.log I see that an access was tried with my userid and the wrong (I think it's the old one, but I do not know) password:
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
[Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid: authentication failure for "/transfer/apps/PaScha": Password Mismatch
... several more ...

Any suggestions how to deal with this? From my point of view this is a bug. I have seen it several times and I had many reports by users locked out of our repository because they have tried too many logon requests with a wrong password.

Markus

Stefan Küng

Jan 17, 2015, 3:55:47 AM
to us...@tortoisesvn.tigris.org
On 16.01.2015 13:27, marku...@gothaer-systems.de wrote:
> Hi,
> i have the following Issue and it is easy to create:
> I have saved the password for an existing SVN Repository accessed via
> HTTPS.
> I change the password for the repository (on the server).
> When trying to browse the Repository after the Password Change i enter
> the same userid and the new password, but i do not set the save password
> checkbox and the following happens:
> In Apache access.log i can see several 401 Response Codes
> MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS
[snip]
> ..... several more ...
>
> In error.log i see that an access was tried with my Userid and the wrong
> (i think it's the old one, but i do not know) Password:
> [Fri Jan 16 12:35:34 2015] [error] [client MyIp] user MyUserid:
> authentication failure for "/transfer/apps/PaScha": Password Mismatch
> ... several more ...
>
> Any Suggestions how to deal with this? From my point of view this is a
> bug. I have seen it several times and i had many reports by users locked
> out of our repository because they have tried too many logon requests
> with a wrong password.

When you have saved the password once, it's saved on disk and used on
every authentication request from the server.
If you now change the password on the server, that saved password is
still used (the client can't know that you've changed the password).
Since authentication fails with the old password, svn then asks you
for the password. If you now enter that new password but don't save this
password to disk, then the very same happens over and over again:
the saved password is used, auth fails, your entered password is used,
auth succeeds.

The problem you see here is that the repository browser does many, many
connections to the repository, and each one requires authentication. So
for every one of those, the first authentication fails and the second
one succeeds - but your server has of course a limit on how many failed
authentications it allows before it blocks you.

There's nothing you can do here except to either clear the auth cache
(settings dialog, saved data) or save the new authentication immediately.

Stefan


--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest interface to (Sub)version control
/_/ \_\ http://tortoisesvn.net

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3094399
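
An added example, not part of the original thread: a small access.log check that separates the pattern Stefan describes (each credentialed 401 is followed by a success for the same user and path) from failures that never recover, and ignores the anonymous 401 that is only the server's challenge. The first six sample lines are copied from the access.log excerpt above; the `OtherIp`/`OtherUser` lines, the function name and the verdict labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common log format: client ident user [time] "METHOD path proto" status bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

# Lines 1-6 are taken from the thread; the OtherIp lines are constructed.
SAMPLE_LOG = '''
MyIp - - [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps/PaScha HTTP/1.1" 200 193
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "PROPFIND /transfer/apps/PaScha HTTP/1.1" 207 698
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
MyIp - MyUserid [16/Jan/2015:12:35:34 +0100] "OPTIONS /transfer/apps HTTP/1.1" 200 193
OtherIp - OtherUser [16/Jan/2015:12:40:01 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
OtherIp - OtherUser [16/Jan/2015:12:40:02 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
OtherIp - OtherUser [16/Jan/2015:12:40:03 +0100] "OPTIONS /transfer/apps HTTP/1.1" 401 582
'''

def classify_auth_failures(log_text):
    """Map (client, user) -> (verdict, failed, recovered)."""
    counts = defaultdict(lambda: [0, 0])   # [failed, recovered]
    pending = set()                        # (client, user, path) with an unanswered 401
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                       # blank, truncated or foreign line
        client, user, _method, path, status = m.groups()
        if user == "-":
            continue                       # anonymous 401 is only the auth challenge
        slot = (client, user, path)
        if status == "401":
            counts[(client, user)][0] += 1 # credentials were sent and rejected
            pending.add(slot)
        elif status.startswith("2") and slot in pending:
            counts[(client, user)][1] += 1 # a later 2xx on that path clears the latest failure
            pending.discard(slot)
    result = {}
    for key, (failed, recovered) in counts.items():
        verdict = "stale-saved-credential" if failed == recovered else "unrecovered-failures"
        result[key] = (verdict, failed, recovered)
    return result

if __name__ == "__main__":
    for who, info in classify_auth_failures(SAMPLE_LOG).items():
        print(who, info)
```

A run of consecutive credentialed 401s counts every failure but at most one recovery, so repeated wrong passwords that eventually succeed are still reported as `unrecovered-failures`.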


marku...@gothaer-systems.de

Jan 19, 2015, 6:34:20 AM
to marku...@gothaer-systems.de, us...@tortoisesvn.tigris.org
Hello Stefan,
thank you for your response. This is the way I expected the client to work.
The main reason why this happens is the way the client works.
If I use the svn command line the new password is saved by default (Windows Client). When I use a new password in TortoiseSVN the default is the other way around.
I have also tried to set the store-passwords parameter in the servers file. This setting is ignored by the Tortoise client. If I set the checkbox to save the password I have to set the checkbox again after a password change.
Is there a way to make the Tortoise client use the same settings used by the command line or remember the setting of the checkbox?

Stefan Küng

Jan 20, 2015, 2:26:15 PM
to us...@tortoisesvn.tigris.org
On 19.01.2015 12:34, marku...@gothaer-systems.de wrote:
> Hello Stefan,
> thank you for your response. This is the way i expected the client to work.
> The main reason why this happens is the way the client works.
> If i use svn commandline the new password is saved by default (Windows
> Client). When i use a new password in tortoise svn the default is the
> other way around.
> I have also tried to set the store-passwords parameter in the servers
> file. This setting is ignored by the tortoise client. If i set the
> checkbox to save the password i have to set the checkbox again after a
> password change
> Is there a way to make tortoise client using the same settings used by
> the commandline or remembering the setting of the checkbox?

Created issue #687 for this:
https://code.google.com/p/tortoisesvn/issues/detail?id=687


Stefan


------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3094536