6

Has anyone come up with a way to allow remote users to change their own passwords in VisualSVN server? We have it running in 'stand-alone' (non-ActiveDirectory) mode and the only down side that I've found to this excellent product is that users can't set or change their passwords.

It's something I can live with, but the security implications of passwords that never change are well known. I'm sure it must be possible to add the functionality, but I'm not the least bit talented in any of the technologies used by VisualSVN - so just wondering if anyone has done it?

UPDATE 2010-12-21

I've decided to have a bash at implementing this myself. First obstacle, with which I'd appreciate some help, is the password encryption. I've found that VisualSVN has a password file, called htpasswd which has a list of users in the following format:

JoePublic:$apr1$lpq$kF8nZjjuFxgJBExK8ruf20

JoePublic is the username, I presume the colon is a delimiter and the rest is some sort of password hash. The actual password used in this case was ForgetMeNot.

This doesn't seem to be an MD5 or SHA hash, but I'm not very worldly wise in this area, so it may well be. Given the information above, can anyone deduce the algorithm being used?

bahrep
  • 29,961
  • 12
  • 103
  • 150
Tim Long
  • 13,508
  • 19
  • 79
  • 147
  • @BoltClock, I rolled back your re-tag because this really doesn't have anything to do with SVN. This is very specific to the authentication scheme built into VisualSVN Server, which is separate and distinct from SVN. Unless I'm missing something...? – Tim Long Dec 22 '10 at 00:19
  • Progress update: I noticed that Apache comes with a utility called htpasswd, I wonder if that's related to VisualSVN's htpasswd file? – Tim Long Dec 22 '10 at 00:31

4 Answers4

3

You can't reset user's password via web interface however WMI (Windows Management Instrumentation) provider of VisualSVN Server allows you to reset a password. I.e. you can access VisualSVN Server via WMI so you can write a script on various programming languages to manage the server and automate maintenance tasks.

See Windows Management Instrumentation interface reference.

Unfortunately VisualSVN Server WMI provider is not documented however you can look though MOF file which describes available classes, methods and properties. You can also check WMI Administrative Tools, this toolkit is very helpful when you want to explore WMI infrastructure.

The following PowerShell script will set qwerty123 password for a Subversion user username on a VisualSVN Server instance located on computer.contoso.com on your network.

$svnuser = Get-WmiObject -Namespace Root\VisualSVN -ComputerName computer.contoso.com -query "select * from VisualSVN_User where name = 'username'"
$svnuser.SetPassword('qwerty123')

Please note that this script is a sample and you may need to adjust the command to work in your environment. E.g. you may need to pass '-credential' parameter to authenticate successfully. Make sure that user account under which you authenticate has administrator privileges or at least is a member of VisualSVN Server Admins local group.

bahrep
  • 29,961
  • 12
  • 103
  • 150
3

If you need that functionality then you'll need to integrate with Active Directory, which is really a good idea anyways so users don't have to manage multiple separate passwords.

Samuel Neff
  • 73,278
  • 17
  • 138
  • 182
  • 1
    That's true, and normally I would do that, but these users are external to my organization and I don't want them to log into anything other than the SVN server, certainly not my domain. And I don't want to buy CALs for them. So in this case, AD isn't really a good option. But +1 for a good suggestion. – Tim Long Dec 06 '10 at 04:07
  • 1
    @Tim Long, does VisualSVN store the internal username/password list in a plain text file? I didn't see any details in the help but it's worth poking around the repository for a users file. If that's the case, then build your own tiny password management web page for users to manage their own passwords. – Samuel Neff Dec 06 '10 at 05:08
  • I think I might just have a go at that. I'm updating my question accordingly, would you mind having a look and commenting? – Tim Long Dec 21 '10 at 23:35
  • 1
    @Tim Long, you shouldn't really ask follow up questions by editing the original. While related, the new question is really quite different, specifically, "How does SVN / VisualSVN generate password hashes?". You should post is as a new question. – Samuel Neff Dec 22 '10 at 03:21
2

The password used by VisualSVN is md5 format with htpasswd. Basically to test, use this:

htpasswd -cm test.htpass JoePublic

and verify the results.

keithxm23
  • 1,280
  • 1
  • 21
  • 41
Jack Schnider
  • 21
  • 1
  • Sorry I don't understand. Is htpasswd part of VisualSVN? What does that command actually verify? – Tim Long Dec 27 '11 at 03:31
  • Upvoted as it works. @TimLong: htpasswd.exe (because Windows) is part of Apache. If one is using Visual SVN Server authentication instead of Windows authentication, there will be a file at the repositories root directory named htpasswd. It contains output when htpasswd is given the username and password strings, with the md5 option. – blizpasta Oct 23 '17 at 08:12
1

As of version 4.3.6, it can be done from the browser by user. The server properties panel.

enter image description here

The option appears on top right corner of the page when accessed through browser

enter image description here

Ironluca
  • 3,402
  • 4
  • 25
  • 32
  • Awesome. But in the 12 years and 6 months since I posted that, the entire world has migrated to Git ;-) – Tim Long Jun 14 '23 at 08:46