Hello,
I can't give you a complete answer. But at our office (not so much users
as you), we have apache setup with mod_auth_kerb which gives you
spnego-authentication (ignle-signon). You'll have to setup and enforce ssl
to make it secure. This will ensure that users are authenticated using
their domain-id. If they are not on the domain, then basic-authentication
is used and the basi-cauthentication-data is checked against their
domain-info.
This will only make sure that the users don't have to enter credentials if
they are on the domain (internet explorer, firefox, tortoisesvn 1.4 and
maybe others) and that only domain-users are allowed access.
You'll have to use the SVN-authz-file to enforce additional restrictions.
Someone has built a script to extract info from ldap I believe. Maybe it
can help you if he would like to share it (Maybe he shared it already).
Greetings,
Michel
> Matthew Dickinson wrote:
>> Hi,
>>
>> I'm running a system (RHEL4) with ~1000 users on it - I have a
>> requirement
>> that each user needs their own repository that other users aren't able
>> to
>> access. Users should be able to access their repository from local
>> machine,
>> SSH, and also via the web.
>>
>> Authentication on the system is handled with a NIS back-end for user
>> information, and LDAP for the actual authentication against some AD
>> servers.
>>
>> Just wondering if there was existing documentation (that I just couldn't
>> find) for undertaking this setup, or if someone has a bright idea to
>> make
>> this easy!
>>
>>
>> Thanks,
>>
>> Matthew
>>
>>
> Perhaps the thing to do is to create a basic, simple repository inside
> of your /etc/skel/public_html folder. Set it up the way you want with
> any hook scripts or default .htaccess files configured with basic
> authentication. If you have Apache configured properly, each user will
> be able to access their own repository after they are created.
>
> I base this on what I think should work for a <Location ~/svn> directive
> that would basically map to the users home web directory.
>
> Something like:
>
> toybox:/etc/skel # svnadmin create svn
> toybox:/etc/skel/public_html # cd svn
> toybox:/etc/skel/public_html/svn # ls
> README.txt conf dav db format hooks locks
> toybox:/etc/skel/public_html/svn #
>
> I can't think of any good way to get the system to dynamically build a
> SVNAccessFile, so basic authentication might have to work.
>
> Just my 2 cents.
>
> Regards,
> Frank
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Oct 19 10:08:14 2006