Authentication Credential Cache Storage Overhaul

Subversion 1.7 and older uses, primarily, an on-disk storage solution for cached authentication credentials. Bits of the more private information may be outsourced for storage to various OS keyring provider mechanisms as (see EncryptedPasswordStorage), but certainly the primary storage container are the on-disk serialized hash files stored in ${HOME}/.subversion/auth/${PROVIDERTYPE}/${REALMSTRING_MD5}. As we look to improve the client authentication subsystem in the future – especially when considering major overhauls such as the master passphrase in-house encryption feature (see MasterPassphrase), one area that stands out as in need of attention is the storage of cached authentication credentials.

Disk Cache

Here's an attempt at summarizing what type of information is currently stored on disk for each credential type:

Also interesting is that individual RA implementations do not necessarily agree on the realmstring. ra_neon builds realmstrings for itself to use. ra_serf builds some realmstrings for itself, but offloads some of that work to Serf (in the most common cases, even).

Outsourced Secure Cache

Here's a table describing the keys and values (of sorts) used when storing and retrieving passwords from third-party secure storage providers.