[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn:author with single kerberos account

From: Dennis Shpakov <dshpakov_at_fnal.gov>
Date: 2006-07-20 00:43:28 CEST

I am setting up a subversion repository on a server that only allows
kerberized ssh access. In general, developers are not allowed to have
real accounts on the server but are supposed to come in as a generic
user called svnuser via the .k5login file mechanism.

I replaced the login shell of the svnuser account by a script that
eventually hands execution over to svnserve -t. To implement per-project
access control under the condition that the hook scripts run in the
sterile environment, I made the login shell script extract the kerberos
principal name from the credentials cache file (a user without a
forwardable ticket is therefore denied access) and store it in a file
with a name based on a process id. The start-commit hook then checks for
the parent process id, reads the principal name from the corresponding
file, and checks it against an access control list.

Everything looks fine except that the svn:author property is always set
to svnuser (which is expected, of course), while one would naturally
want to have it set to the kerberos principal name of the author
committing the change. Is there a simple way to do it in one of the hook
scripts using the same identification scheme as in start-commit?

Thank you,

       Dennis Shpakov

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 20 02:21:54 2006

This is an archived mail posted to the Subversion Users mailing list.