Re: Re: bad access methods (was: 100% repeatable repo wedging)

On Thu, Mar 04, 2004 at 01:17:43PM -0800, Jarod Wilson wrote:
> > From: Matthew Gregan [mailto:kinetik@orcon.net.nz]
> > So spend an extra five minutes during the initial svnserve
> > configuration and wrap svnserve up with stunnel. I can write
> > up and post some documentation on how to do this if anybody
> > would find it useful.

> Not particularly useful in my particular instance, since I'd rather have
> unique logins. Oh! Wait! I'm now remembering that svnserve.conf file...
> I *can* have unique logins with svnserve. Oh yeah (sorry, still very
> green to Subversion). But the passwords sit in a file unencrypted. Icky.
> And I have to maintain multiple user/password databases, rather than
> using the system one.

No, it's not particularly useful to you, because you already have
shell/ssh accounts on the Subversion server for each of the developers.

In my case, I prefer not to hand out shell accounts to developers for
the machine the Subversion database is hosted on. Even with the
accounts locked down so that actually getting a shell is difficult,
there are so many local privilege escalation bugs floating around that
it keeps me up at night, wondering...

> However, I'd still be intrigued to hear how to wrap svnserve in
> stunnel.

I'll post some details later.

-mjg

-- 
Matthew Gregan                     |/
                                  /|                kinetik@orcon.net.nz
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org