[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn:author with single kerberos account

From: Dennis Shpakov <dshpakov_at_fnal.gov>
Date: 2006-07-21 01:28:25 CEST

Ryan Schmidt wrote:
>
> On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:
>
>> I am setting up a subversion repository on a server that only allows
>> kerberized ssh access. In general, developers are not allowed to have
>> real accounts on the server but are supposed to come in as a generic
>> user called svnuser via the .k5login file mechanism.
>>
>> I replaced the login shell of the svnuser account by a script that
>> eventually hands execution over to svnserve -t. To implement
>> per-project access control under the condition that the hook scripts
>> run in the sterile environment, I made the login shell script extract
>> the kerberos principal name from the credentials cache file (a user
>> without a forwardable ticket is therefore denied access) and store it
>> in a file with a name based on a process id. The start-commit hook
>> then checks for the parent process id, reads the principal name from
>> the corresponding file, and checks it against an access control list.
>>
>> Everything looks fine except that the svn:author property is always
>> set to svnuser (which is expected, of course), while one would
>> naturally want to have it set to the kerberos principal name of the
>> author committing the change. Is there a simple way to do it in one
>> of the hook scripts using the same identification scheme as in
>> start-commit?
>
> I don't know if the situation you're experiencing is the expected one,
> because I've never tried to set Subversion up like that.
It is expected because the unix user that owns the svnserve process is
always svnuser.

> But yes, you can modify revision properties in for example the
> pre-commit or post-commit hook.
How should I do that? If I run something like

/usr/bin/svn propset svn:author dshpakov -r12 --revprop

in post-commit, I get the error message saying "svn: '.' is not a
working copy".

Thanks again,

       Dennis

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 21 01:29:34 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.