On 2009-09-23 17:42, Nico Kadel-Garcia wrote:
> On Wed, Sep 23, 2009 at 1:49 PM, baz themail <bazthemail_at_gmail.com> wrote:
> > Thanks for your reply.
> > Anyone can give me a procedure to set up mid level security svn server and
> > high level security svn server? Sorry if i am asking too much :)
> > A.
> > On Wed, Sep 23, 2009 at 9:46 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
> >> Greetings, baz themail!
> >> > what is the best/recommended way to set up secure svn server for people
> >> > outside the firewall to access it?
> >> Depends what the level of security you want.
> >> No simple answer.
> Well, start by considering how Sourceforge does it. Individual
> repositories with different projects, different people have different
> access to it, and the only permitted write access is via svn+ssh in
> order to avoid the 'store passwords in cleartext' that has been
> inherent in Subversion's services since day one. You'll need to manage
> the SSH keys for individual repositories, for which I've never found a
> good tool, but it's a start
Using the GSSAPI support built into SASL and mod_auth_kerb in
Apache (over HTTPS) allows you to have secure subversion access
using a common user base, centralized key management, and
single sign-on all in one fell swoop. As an added bonus you can
run subversion on a "sealed" server where there are no end
user accounts. The downside is it's difficult to set up and some
(many) binary distributions of Subversion don't include GSSAPI or
Negotiate authentication support.
Alec.Kloss_at_oracle.com Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956
Received on 2009-09-24 00:48:06 CEST
- application/pgp-signature attachment: stored