[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn:author with single kerberos account

From: Ryan Schmidt <subversion-2006c_at_ryandesign.com>
Date: 2006-07-20 02:39:48 CEST

On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:

> I am setting up a subversion repository on a server that only
> allows kerberized ssh access. In general, developers are not
> allowed to have real accounts on the server but are supposed to
> come in as a generic user called svnuser via the .k5login file
> mechanism.
> I replaced the login shell of the svnuser account by a script that
> eventually hands execution over to svnserve -t. To implement per-
> project access control under the condition that the hook scripts
> run in the sterile environment, I made the login shell script
> extract the kerberos principal name from the credentials cache file
> (a user without a forwardable ticket is therefore denied access)
> and store it in a file with a name based on a process id. The start-
> commit hook then checks for the parent process id, reads the
> principal name from the corresponding file, and checks it against
> an access control list.
> Everything looks fine except that the svn:author property is always
> set to svnuser (which is expected, of course), while one would
> naturally want to have it set to the kerberos principal name of the
> author committing the change. Is there a simple way to do it in one
> of the hook scripts using the same identification scheme as in
> start-commit?

I don't know if the situation you're experiencing is the expected
one, because I've never tried to set Subversion up like that.

But yes, you can modify revision properties in for example the pre-
commit or post-commit hook.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 20 02:41:10 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.