[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: PAM authentication

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-07-29 18:12:13 CEST

Jon Bendtsen wrote:
> I've always wondered why SVNSERVE does not support PAM. CVS does, and
> isnt subversion supposed to be an replacement for CVS?

CVS supports it? That's news to me. You mean some weird hack added on
top of CVS supports it?

Looking throught the archives of the cvs list, there is an unofficial
patch in the CVS issue tracker to hack PAM support into CVS. It doesn't
seem to be in the mainline, even after 4 years or so of waiting in the
issue tracker.

> My users complain that using svn+SSH takes twice the time than a user
> added to the password file in the conf directory.

I am in total comprehension failure here. What does PAM have to do with
the passdb in the repository configuration? Surely, adding PAM
authentication support to svnserve would let you authenticate against
system facilities, and would be at least as unwieldy to set up as a
shell account for svn+ssh, if not more because of the PAM
reconfiguration required.

> i guess i can use apache2, i just figured that it is strange that
> SVNSERVE does not support PAM, which is pretty much the standard unix
> auth.

It is the standard-ish linux auth, I'll grant you that. But standard
Unix auth? That's perhaps going a little far. What about the BSDs?

Anyhow, extended authentication support in svnserve is on the todo. It
isn't done yet because there were more important things to do (the new
repository backend, locking, performance enhancements) and that nobody
picked up the task. If you put aside the few Svn devs who work on
Subversion for a living, this is your standard open source project: if
you require something that nobody else cares about in the immediate
future, you either step in and do it, pay someone to step in and do it,
or be patient until someone steps in and does it.

My current todo list is quite full at the moment with authentication and
authorization enhancements to svnserve, notable SASL integration. If the
SASL library we choose when I get there natively allows using PAM as an
authentication backend, then you're in luck. Otherwise, we don't have
much choice but wait until someone comes along and picks up this todo.

The other option, as I said above, if you really really need PAM right
now this instant, would be to pick up a contract with CollabNet (not
sure they do feature-request contracts, but it can't hurt to ask) or a
freelance developer knowledgeable with Subversion and have the feature
implemented by paid employees.

- Dave.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 29 18:16:14 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.