• Authentication

    With CVS's pserver, you are required to “login” to the server before any read or write operation–you sometimes even have to login for anonymous operations. With a Subversion repository using Apache httpd or svnserve as the server, you don't provide any authentication credentials at the outset–if an operation that you perform requires authentication, the server will challenge you for your credentials (whether those credentials are username and password, a client certificate, or even both). So if your repository is world-readable, you will not be required to authenticate at all for read operations.

    As with CVS, Subversion still caches your credentials on disk (in your ~/.subversion/auth/ directory) unless you tell it not to by using the --no-auth-cache option.

    The exception to this behavior, however, is in the case of accessing an svnserve server over an SSH tunnel, using the svn+ssh:// URL scheme. In that case, the ssh program unconditionally demands authentication just to start the tunnel.


    The Version Control with Subversion book is licensed under the Creative Commons Attribution License v2.0.
    To submit comments, corrections, or other contributions to the text, please visit http://www.svnbook.com.