The hash is highlighted below ~
So, what I'm doing to simulate a "cvs-login" on subversion is to fire a MKACTIVITY request to the server. (this is documented in the protocol that most "write" operations first fire it before any other operation).
This MKACTIVITY request will be responded with HTTP-401 Authorization Required =]
Then, I use the info from the HTTP-401 and generate a valid hash of it.... Fire back another MKACTIVITY request with Authorization header.
If... server still reply me with HTTP-401... then the user-password is not valid to the server.
If... server reply me with the superb HTTP-201... That's valid user-password pair.
The whole stuff like this ...
p.s. ... invalid credential give me an apache-error on my own repository ...
[Wed Jul 29 17:20:41 2009] [error] [client 188.8.131.52] Digest: user kschan: password mismatch: /svn/acm/!svn/act/67764a9e-5629-6c72-d9fc-6205068e0a1a