[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-06-03 15:19:40 CEST

On Jun 2, 2005, at 11:03 PM, William Ferguson wrote:
>
> Do all instances of svnserver require a password-db to have been
> configured?
> What about a tunnelling call to svnserve via "svnserver -t"?

'svnserve' either has a username, or it doesn't.

The username can come from two different places:

    * by sending a CRAM-MD5 challenge, which forces the client to
retrieve a simple credential structure of {username, password}, which
is compared against the private svnserve userdatabase, or

    * if the -t switch used ('svnserve -t'):

        - svnserve assumes it running UID is already an authenticated
username

        - 'svnserve -t --tunnel-user=foo' makes svnserve assumes that
'foo' is the username.

The -t stuff is used by svn+ssh://. When the client access an svn
+ssh:// URL, it's effectively running a private svnserve as a
temporary remote process: 'ssh remotehost svnserve -t'. The --
tunnel-user stuff can be configured for times when SSH users share
the same account via .ssh/authorized_keys (see the book about that.)

So 'svnserve -t --tunnel-user=foo' might be the way to go, assuming
that you start/stop svnserve with every new invocation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jun 3 15:30:24 2005

This is an archived mail posted to the Subversion Users mailing list.