[PATCH] svnserve --user, use svn+ssh but avoid system accounts

From: Tommi Virtanen <tv_at_tv.debian.net>
Date: 2004-02-13 17:11:58 CET

[Please Cc: me, I'm not on the list]

Hi. Here's a patch that allows using SVN remotely in a way that

1) doesn't need system accounts for all users

2) doesn't write passwords/SSL certs on disk

3) integrates with existing authentication mechanisms

The setup needed is basically "adduser svn", and in
~svn/.ssh/authorized_keys, one line

command="svnserve -t --user foo" ssh-rsa ... foo@somehost

Now, user foo can run "svn co svn+ssh://svn@host/repo"
and use his ssh-agent to authenticate.

(The same setup can be used with plain old passwords, without
creating ssh keys, by having an SSH server that can auth
as user "foo" with his password, but still run a forced command
as user svn. This is possible with e.g. Conch (a reimplementation
of SSH in Python, see
http://twistedmatrix.com/documents/howto/conch_client for a bit more)

The patch is attached.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

text/x-patch attachment: svnserve-user.diff

Received on Fri Feb 13 17:18:18 2004

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: annotate support for emacs"
Previous message: kfogel_at_collab.net: "Re: cvs2svn: timestamps"
Next in thread: Greg Hudson: "Re: [PATCH] svnserve --user, use svn+ssh but avoid system accounts"
Reply: Greg Hudson: "Re: [PATCH] svnserve --user, use svn+ssh but avoid system accounts"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]