[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] svnserve --user, use svn+ssh but avoid system accounts

From: Tommi Virtanen <tv_at_tv.debian.net>
Date: 2004-02-13 17:11:58 CET

[Please Cc: me, I'm not on the list]

Hi. Here's a patch that allows using SVN remotely in a way that

1) doesn't need system accounts for all users

2) doesn't write passwords/SSL certs on disk

3) integrates with existing authentication mechanisms

The setup needed is basically "adduser svn", and in
~svn/.ssh/authorized_keys, one line

command="svnserve -t --user foo" ssh-rsa ... foo@somehost

Now, user foo can run "svn co svn+ssh://svn@host/repo"
and use his ssh-agent to authenticate.

(The same setup can be used with plain old passwords, without
creating ssh keys, by having an SSH server that can auth
as user "foo" with his password, but still run a forced command
as user svn. This is possible with e.g. Conch (a reimplementation
of SSH in Python, see
http://twistedmatrix.com/documents/howto/conch_client for a bit more)

The patch is attached.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Fri Feb 13 17:18:18 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.