[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [TSVN] Authentication With Samba

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2005-06-13 17:53:13 CEST

Hughes, Trystan wrote:

>All users in my company are on Windows, it just that we house some Linux servers in the server room, which is where SAMBA comes into it I presume - I ain't an admin guy :).
>
>I've come across PAM which can be used by APache to authenticate against. You here of this?
>
>
Yes, PAM stands for Pluggable Authentication Modules which is the Linux
standard for authorization and authentication of users for various
services against various backends. That's where "pluggable" comes in --
as long as the auth service speaks PAM, you could convert from using,
say, the /etc/passwd file to SAMBA or LDAP (which is probably what your
SAMBA setup is actually using on the backend) or anything else and none
of your services will even notice the change.

If SAMBA is already working for logins, you're most of the way there.
All you need now is mod_auth_pam on your Apache server, then an
"AuthPAM_Enabled on" directive to control your Subversion <Location>
block or virtual server or however you have it set up, along with
"Require user <user-list>" or "Require valid-user", etc. See
<http://pam.sourceforge.net/mod_auth_pam/> for download and
configuration info.

Then, in /etc/pam.d, you will need a file named "httpd" (I think the
mod_auth_pam creates one by default) that looks like the following:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth

This tells mod_auth_pam to "bubble up" requests for authorization to the
"system-auth" service (which should already exist in /etc/pam.d).
Basically, this means that if they can log in to the Linux box, they can
authenticate in Apache. You can winnow down this list using "Require
User" or "Require Group" in httpd.conf if you don't want everyone to be
able to commit.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Mon Jun 13 17:53:38 2005

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.