[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature suggestion: Scriptable authentication

From: Erik Huelsmann <ehuels_at_gmail.com>
Date: 2006-08-21 21:35:27 CEST

On 8/21/06, Steve Willer <steve.willer@gmail.com> wrote:
> Hey, folks.

> The problem is, we're using a local set of users in a plaintext file for
> authentication. The passwords are also not strong, because they're viewable
> by anyone who can see the file. It's pretty silly. We also can't use Apache2
> for auth because ... well, this is Windows, and we have IIS all over the
> place, including on that one machine. They don't coexist very well, and
> taking on the whole Apache2 stuff as well as IIS is weird and nonstandard.
>
> I have a simple solution that I'd like to get in as an enhancement. I think
> it would be quite easy to implement: allow a scriptable authentication host
> instead of a username textfile for the authentication. svnserve would run
> the program on the command line, giving username and password, and the auth
> program could return "yes" or "no" in its stdout (or something along those
> lines).

Well, this feels a bit like a hack, but I've got a feeling you feel
about it that way too. Then you'll like our long term solution (to be
released in 1.5) better: currently a student on the Google Summer of
Code program is integrating the Cyrus SASL library for us into
svnserve. The SASL library can be configured to take several sources
for its passwords. Beware though that SSL needs to be integrated into
svnserve too before these passwords are transmitted out of the clear!
(At least, that's what I've been told.)

> If someone put this code into svn, I could contribute an AD lookup script.
> Otherwise, I'll have to set up the whole dev/build environment for svn,
> which sounds slightly daunting.
>
> As per the buddy system described in the bug tracker, I'd like to get some
> agreement before I put this in as a ticket.

I hope you now feel this doesn't need an issue anymore?

bye,

Erik.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 21 21:41:34 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.