Hughes, Trystan wrote:
>All users in my company are on Windows, it just that we house some Linux servers in the server room, which is where SAMBA comes into it I presume - I ain't an admin guy :).
>
>I've come across PAM which can be used by APache to authenticate against. You here of this?
>
>
Yes, PAM stands for Pluggable Authentication Modules which is the Linux
standard for authorization and authentication of users for various
services against various backends. That's where "pluggable" comes in --
as long as the auth service speaks PAM, you could convert from using,
say, the /etc/passwd file to SAMBA or LDAP (which is probably what your
SAMBA setup is actually using on the backend) or anything else and none
of your services will even notice the change.
If SAMBA is already working for logins, you're most of the way there.
All you need now is mod_auth_pam on your Apache server, then an
"AuthPAM_Enabled on" directive to control your Subversion <Location>
block or virtual server or however you have it set up, along with
"Require user <user-list>" or "Require valid-user", etc. See
<http://pam.sourceforge.net/mod_auth_pam/> for download and
configuration info.
Then, in /etc/pam.d, you will need a file named "httpd" (I think the
mod_auth_pam creates one by default) that looks like the following:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
This tells mod_auth_pam to "bubble up" requests for authorization to the
"system-auth" service (which should already exist in /etc/pam.d).
Basically, this means that if they can log in to the Linux box, they can
authenticate in Apache. You can winnow down this list using "Require
User" or "Require Group" in httpd.conf if you don't want everyone to be
able to commit.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Mon Jun 13 17:53:38 2005