[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Integrating authnz_ldap and authz_groupfile in mod_svn_authz

From: Manuel Vacelet <manuel.vacelet_at_gmail.com>
Date: Fri, 25 Apr 2008 14:23:50 +0200

On Thu, Apr 24, 2008 at 7:48 PM, Martin Bauer <bauer_martin_at_gmx.de> wrote:
> You're right, its not a good idea to modify other apache-modules.
> I've read a little in the code of the apache-modules and in the code of
> svnserve, and I think
> it would be the best solution to write a new svn-auth-library which is used by
> svnserve and apache. I know
> there are a lot such libs out there already (like pam or sasl) but non of them
> supports authorization.
> So I planned to split this new library in two parts:
> One part would be responsible for authentication. I could gets its data from
> svn-auth-files or from LDAP.
> Here it would also be possible to use existing auth-libraries like PAM. And
> the actual source
> can be selected by a statement in the svn-auth file. (If there's no statement
> the svn-auth-file-source
> would be assumed, so it would be compatible with existing svn-auth files)
> The second part would be the authorization part. Here the data comes also from
> the svn-auth file (or
> perhaps later on also from MySQL). This data describe which user has which
> rights on specified paths in the repository.
> At this position it would also be possible to introduce new access-rights.
> This general svn-auth library would than be used by the apache-module and
> svn-serve.
> Would do you think of that idea?

Hello Martin,

It's great to see that subversion will better support authorization.
Some LDAP servers can be used to store authorization it could be
interesting to be able to use them.
Anyhow, SQL storage is just fine too.

Hope this helps
-- Manuel

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-25 14:24:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.