
Re: svnserve authentication without passwd file

From: Ryan Schmidt <subversion-2006Q1_at_ryandesign.com>
Date: 2006-03-09 21:17:03 CET

On Mar 9, 2006, at 20:39, Florian Pose wrote:

>> What makes you think that SSH adds too much overhead? It only adds a
>> little cpu load to the client and server; you really shouldn't
>> notice it.
>
> When there is no need for the strong encryption SSH provides, why then
> burden the server with the extra load?

Because, aside from the benefit of ssh encryption, or the drawback of
extra cpu cycles, depending on how you see it, svn+ssh also provides
the feature you asked for: authentication via system user accounts.

>> You can use https instead and authenticate with a client certificate,
>> but AFAIK, there isn't anything like ssh-agent for SSL certificates, so
>> either the user will have to enter their password each time to decrypt
>> their certificate, or store the certificate on disk unencrypted, which
>> isn't good for security since anyone who manages to read that file can
>> impersonate the user.
>
> Since the repository is used only in the intranet (or from outside
> through VPN), the Apache solution is not really interesting for me.

We use Apache to serve our repository which is only usually accessed
internally within our company. Why do you think this configuration
isn't relevant? We find it very handy to be able to set up Apache to
authenticate to our LDAP server, which is the same LDAP server we use
within the base OS for user account authentication. And our
administrators already know how to administer an Apache server. I'm
sure we also could have used the svn+ssh setup but since we're a web
development shop the Apache solution was the most natural for us.

Received on Thu Mar 9 21:20:24 2006

This is an archived mail posted to the Subversion Users mailing list.
