[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN/SSH/svnserve configs

From: Adrian Marsh <adrian.marsh_at_ubiquisys.com>
Date: 2006-11-23 20:10:34 CET

Hi,

I think I need a few pointers on figureing out the best solution for my
setup.

I've setup a centos linux server, and have configured PAM so that NT
users can login to the linux server with the same credentials as NT.

I also have an svn repository on this box, that I'd like those users to
be able to have access too, but I would like to authenticate/admin that
access. I need to be able to:

- (if asked) - restricate access to certain parts of the repos only to
certain users
- make sure that users are securely authenticated and transfer is encrypted
- (optionally) make use of "groups"
- enable both locally defined users & also NT users (hopefully PAM will
hide this)

I'd like to end up where the tortoisesvn client uses the NT client
credentials to login via ssh (the linux box verifies them), and the user
is easily able to read/write to the repos (not sure whats feasibly here)

As I understand it, svnserve on its own only uses the files stored
under conf/ to resolve users and passwords, and doesn't integrate into
the O/S itself for authentication. I'd like to integrate this more
though into the NT/PAM config. I think my options are http based, and
svn+ssh..

I don't want to do this via Apache if I can avoid it, so I was thinking
that svn+ssh is the way to go.

I've read the article at
http://svn.collab.net/repos/svn/trunk/notes/ssh-tricks, but I think I'm
missing some basics..

1) It seems that although users authenticate to the "box" via ssh, they
don't then get "authenticated" to svnserve - is this right? They appear
as one user to svnserve

2) If thats *not* the case, then how do you configure svnserve for users
authenticated via ssh?

3) On my setup, openssh is already installed and running, and users can
ssh into their own login - do I then need to create "another" private
key on the server (to then copy to the clients..) - what is this key for
anyway? If the ssh client authenticates ok (putty), do we need the
severs private key on the client??

4) if I do need the private key, that article skips the steps on how to
create it.. anyone have a crib sheet?

5) I understand that once svn+ssh works, then when the repository is
accessed, you spawn a new svnserve process for each session - isn't that
wasteful/CPU intensive?

I think I've definitely missed something crucial, and could do with some
pointers...

Thanks,

Adrian

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: users-help@tortoisesvn.tigris.org
Received on Thu Nov 23 20:15:11 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.