On Fri, Jul 30, 2010 at 07:56:50AM -0400, Nico Kadel-Garcia wrote:
> Don't use LDAP. One problem is that it will allow multiple users
> filesystem access to the Subversion repository, and *SOMEONE* is
> likely to screw it up for everyone else by trying to manually edit
> something in the repository in a large environment with multiple
I don't see any way how using LDAP with Subversion would allow local
filesystem access to users. Can you explain?
If I understood correctly, the question was about using Subversion
with SSH and LDAP. That doesn't imply local filesystem access, as you
point out below.
> Also, remember that the UNIX and Linux clients will save
> passwords in clear text by default in the user's home directory. That
> makes your LDAP passwords vulnerable to anyone who can access home
> directories or backup tapes. This is a longstanding vulnerability, and
> there is no fix. (Subversion 1.6 does warn you before saving them,
> which is polite, but will still save them, which is bad.)
By default, it will *ask* you, not warn you. It only saves the password
if you say "yes". That is not the same as printing a warning and
saving it by default.
> There are reasons the 'svn+ssh' approach channels all connections
> through a single authorized repository owner,
The only reason for a single SSH user is that you don't have to create
unix system accounts for each committer. It's just for convenience.
There are no additional security implications if you set up multiple
ssh accounts, one for each committer.
> and uses the SSH
> authorized_keys set to configure the svnserve command and to set the
> user for committing changes; it's described in detail in the
> Subversion Red Book, The missing component for this approach is a tool
> to manage the SSH keys. If anyone has such a tool, or better a
> management GUI to manage such keys, please publish it.
There are lots of such tools for many platforms.
Received on 2010-07-30 14:50:40 CEST