Is there any possible way to check if a SVN update needs authentication or not?
Scenario : I have written a ruby GUI app which updates SVN repositories (from a static path) in a scheduled manner. This executes as a windows service. Also have tortoisesvn installed.
In ruby when I execute
svn update local_path_to_repository --username user --password password in my script then it works fine as I am passing the username & password with the update command.
But, tortoisesvn saves the password (by caching password, using standard Windows cryptography services to encrypt the password on disk) when I checkout the repository for the first time so I don't necessarily need to pass the username and password every time. Thus I just have svn update local_path_to_repository in my script.
Issue: This works fine until I change my LDAP password. Once my LDAP password is changed all the repository fails to get updated as it is requesting for the new password but there is no user interface for passing the new password.
I need to build the username and password UI only when svn updates needs those credentials but not always. How do I achieve this?
Update : Reading from the SVN book. I Understood that:
The client checks whether the user specified any credentials as command-line options (--username and/or --password). If not, or if these options fail to authenticate successfully, then
The client looks up the server's hostname, port, and realm in the runtime auth/ area, to see if the user already has the appropriate credentials cached. If not, or if the cached credentials fail to authenticate, then
Finally, the client resorts to prompting the user (unless instructed not to do so via the --non-interactive option or its client-specific equivalents).
But I did not find a way to check if authentication is required.
Can anyone please help me!
So I finally found a work around by doing:
output = `svn update "#{repo_path}" --non-interactive 2>&1`
check_authentication = output.include?("Authentication failed")
if check_authentication returns true meaning authentication has failed then I build the GUI for entering the new password and send it to the user.
Related
I chose credential type as 'Machine'.
What are the required parameters for the Username and Password fields to set up a bare-minimum credential.
Upon trying multiple times, I get :
Enter passphrase for /tmp/awx_1977135_t5pmrI/credential_4343:
with no option to input anything.
You just need to create Username and Password. You can also provide the privilege escalation method(for eg: sudo).
Make sure the password is in encrypted format.It is mentioned in the known issues
If your Tower server has a version of OpenSSH that predates 5.7, jobs will fail when launched jobs with ECDSA credentials.
If the key is unencrypted, your job will fail with a message similar to:
Enter passphrase for /tmp/ansible_tower_RcQweY/tmph9Jote:
https://docs.ansible.com/ansible-tower/3.0/html/release-notes/known_issues.html
You can also try to delete the one which you created and create from scratch.
I installed postgresql on windows and while the installation it asks to make a user for the account.This made a new windows user in my computer called postgres, I have created a password for it as well.
Now I want to run psql on windows command line, it asks for a password (without mentioning the user) and always gives me back the error: psql: FATAL: password authentication failed for user "Ash". Even though I have put my accounts password many times.
using pgadmin I changed the user "postgres" to "Ash" but I have yet to remake the password. I followed the steps here: I forgot the password I entered during postgres installation (I rather types host all 127.0.0.1/32 trust because I am on windows), but when running psql again so that I can change the password I get the error: psql FATAL:could not load pg_hba.conf. All together.
Why can it not load? All I did was add an extra authentication option.
Also, is the windows user separated from a postresql user or are they the same(depend on each other)?
Edit:
As you can see, it did not give me the option to choose if Aisha should be a superuser or not. or the other options for that matter.
I also used pgadmin||| to create a new user but the same error pops up:
The user does not exist so why does it do this?
The user on your machine has nothing to do with the user on PostgreSQL. The installer just creates an account and a PostgreSQL role with the same name and password (which in my mind is a bad idea), but they're not related in any way. The Windows user is used to run the server, the PostgreSQL role is used inside the database.
So you should first access the server with the user postgres and then create a user for yourself. Don't change the username inside the server, or the server's running user! Just create a new username and grant it the permissions you need.
You can use psql -U postgres to connect to the server and it'll ask for the password.
Check the permissions for pg_hba.conf, the postgres user must have permissions for it. If you only edited it as an admin, it should be ok, but if you took permissions or anything else, it may mess it up.
createuser is a command-line utility. Use CREATE USER username WITH PASSWORD 'fred'; or similar at the SQL level in psql. Note the semicolon.
What you're doing in your screenshot is starting to write an SQL command beginning with createuser, but never sending it to the server to run because there's no semicolon terminator. So you never get the error that would tell you it doesn't make sense to do that.
I had exactly the same problem and this line solved it;
createuser --createdb -U postgres --login -P 'your_new_user'
#sami-kuhmonen was right, but his approach of solving the problem did not work for me.
This can also happen if the encryption for stored passwords does not match the encryption for connections as defined in postgresql.conf ang pg_hba.conf
For example, if postgresql.conf has:
password_encryption = md5
but pg_hba.conf has:
host all all 10.0.0.110/24 scram-sha-256
Then all connections on the 10.0.0.110 interface will have the 'FATAL: password authentication failed error'.
Remember that if you change either of these files you will need to restart postgresql and if you change the password encryption in postgresql.conf you will need to change the passwords for all of the users.
Hope this helps some others with this problems.
I was having the same error. I get to solve it by locating the "pg_hba.conf" file. You can use this navigation:
C:\Program Files\PostgreSQL\14\data\pg_hba.conf
Then inside the file, changed all the methods "scram-sha-256" to trust and problem was solved.
I'm currently storing my maven credentials in ~/.m2/settings.xml:
<server>
<id>my_server_id</id>
<username>my_username</username>
<password>my_password</password>
</server>
However, I'm not satisfied with having the password in clear text, since the password is used for other services, so I'd rather prompt the user for the password when doing a mvn deploy. I'm deploying to a Nexus OSS install via https.
I know that the password can be encrypted, but since the encryption is reversible, this solution is not appropriate for my case.
Is there a way to make Maven prompt for a password when doing an https deploy?
As mentioned this functionality is currently not supported in the plugin. Issue MDEPLOY-51 actually asks for this improvement:
Allow the user to supply a user name password for a remote server when
the deploy goal is called. Currently you have to add the repository
username and password to the server.xml file. It would be helpful if
the user could be prompted for a username and password on the command
line. The password should be hidden when it is entered.
I would suggest voting for this improvement, or possibly implement the functionality yourself.
The maven-deploy-plugin doesn't have an interactive mode, so no, you can't do this easily. The usual approach is to encrypt the credentials in your settings.xml file.
If you really feel you need this feature, you can always checkout the sources of the plugin and add interactive mode yourself and then contribute it back to the community.
As an alternative to querying the user at run time, you can pass the username and password as args.
Try this mvn whatevergoal -Dusername -Dpassword
then inside the pom.xml ${username} and ${password}
We already had a secured VPN using OpenVPN, so we don't want to use Git with SSH to avoid double encryption.
I successfully set up Bonobo Git Server on IIS 7 on Windows 2008 RC2 and created an repository. But when I tried to clone that repository from my laptop using Git GUI, it kept asking me username and password repetitively although I gave it the correct username and password created on Bonobo Server.
When I intentionally gave it incorrect credentials, it threw an expected authentication error.
Do you have any advice for me so I can connect to Git Server? Is it due to the lack of SSH keys?
As far as I can see, Bonobo offers three different authentication mechanisms: Forms, Basic, and Windows authentication. None of these involve SSH, so no, you are not using SSH and you don’t need SSH keys to make this work. SSH is just one mechanism that is commonly used for Git servers (simply because they run on Linux machines, and SSH access is very common there).
Bonobo uses the forms authentication by default. I believe you cannot preset the login information anywhere so you don’t have to enter it over and over again. You can do that with basic authentication though by changing the remote URL to include the credentials (e.g. http://user:password#bonobo-server/project.git). Of course, this will put the credentials in clear text into the repository’s configuration file, and also send the password in clear text over the network. The VPN connection will prevent someone outside of the VPN connection reading out that password, but inside of the VPN connection it is sent as clear text, so keep that in mind.
The more secure way would be Windows authentication. It uses your Windows login to authenticate at the server, and you won’t need to store your password somewhere. To Windows, it’s the “natural” authentication system, just like SSH is to Linux.
I was successful with poke's suggestion in his comment, which is utilizing a shared folder pointing to a remote bare repository.
Since version 5.50 the Bitvise SSH Server allows connected client to authenticate to Windows user account without providing this user's Windows password. See here: https://www.bitvise.com/ssh-server-version-history
I've checked it myself - it does indeed.
My question is of pure curiosity: what kind of sorcery is this? Is there any WinAPI that allows such thing or is this some kind of clever hack? I always thought it is impossible to impersonate as other user without a password (as even when configuring Windows service or scheduled task to "run as user" it is neccessary to provide one).
IIRC, the SSH server in Cygwin does the same thing.
If you have the appropriate privileges you can create an access token with ZwCreateToken, no password required. Such a token has some limitations. For example, you can't access network resources without a password and some encrypted material isn't accessible.
There's an explanation and some sample code here.
Since version 5.50, Bitvise SSH Server comes with a Windows authentication package. An authentication package can enhance the Windows logon process in custom ways. When the SSH server needs to log you in, but does not have a password (e.g. because you logged in with a public key), it calls the authentication package to construct a logon token which closely resembles the logon token that would have been created by Windows. As arx has noted, a session created this way does not contain your authentication credentials, so side effects are that you can't access things like network resources and EFS.