Using svnserve with SASL

For many teams, the built-in CRAM-MD5 authentication is all they need from svnserve. However, if your server (and your Subversion clients) were built with the Cyrus Simple Authentication and Security Layer (SASL) library, then you have a number of authentication and encryption options available to you.

Normally, when a subversion client connects to svnserve, the server sends a greeting which advertises a list of capabilities it supports, and the client responds with a similar list of capabilities. If the server is configured to require authentication, it then sends a challenge which lists the authentication mechanisms available; the client responds by choosing one of the mechanisms, and then authentication is carried out in some number of roundtrip messages. Even when SASL capabilities aren't present, the client and server inherently know how to use the CRAM-MD5 and ANONYMOUS mechanisms (see the section called “Built-in authentication and authorization”). If server and client were linked against SASL, then a number of other authentication mechanisms may also be available. However, you'll need to explicitly configure SASL on the server-side to advertise them.