[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Adding Users and SSL

From: Adrian Marsh <Adrian.Marsh_at_ubiquisys.com>
Date: Wed, 16 Apr 2008 12:37:09 +0100

Mark,

 

I've just taught myself the same thing in the past week, but added LDAP
to my problems. The best guide I had was to download a pre-configured
setup and work out from there what I needed (no need to install this,
just extract the sample httpd.conf files):

 

http://opensourcedevelopment.net/text-tutorials/apache-subversion-active
-directory.html

 

But to answer your questions, the SSL and authentication are two
separate issues. See standard SSL apache docs for that setup. But I'd
advise to test SVN initially without it, so its not an added
complication. Eventually, you can move the SVN Directives into ssl.conf,
if you already have a sample ssl.conf file to start with.

 

If you want to specify specific users, you can either do that by
restricting the database that contains the usernames/passwords (in which
case a standard htpasswd type file would do - passwords are stored
encrypted), or you can authenticate via another mechanism (eg DBM or
LDAP) and still have SVN control who can accesses the repository.

 

In any case, no passwords are stored cleartext..

 

 

Heres snippets of my setup:

 

Httpd.conf : added this line as I have my own SSL CA:

 

LDAPTrustedGlobalCert CA_BASE64 /tmp/base64.cer

 

 

Ssl.conf: I added this to the default virtualhost

 

<Location "/svn">

        AuthBasicProvider ldap

        DAV svn

        SVNParentPath /home/SVN

        SVNIndexXSLT "/svnindex.xsl"

        AuthType Basic

        AuthzLDAPAuthoritative off

        AuthName "Subversion"

        AuthLDAPURL
"ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub
?(objectClass=*)" NONE

        AuthLDAPBindDN
"CN=*****,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"

        AuthLDAPBindPassword ******

        #<LimitExcept GET PROPFIND OPTIONS REPORT>

           Require valid-user

        #</LimitExcept>

        AuthzSVNAccessFile /tmp/svntest

</Location>

 

 

The AuthBasicProvider line dictates the LDAP setup, and you can ignore
the LDAP stuff there if not using it... but this could also be "file"
and then use AuthUserFile to specify the htpasswd type file. You then
use htpasswd to create and maintain that text file.

Then it uses AuthzSVNAccessFile to specify who can access which
repository. Note: I use SVNParentPath to allow access to multiple
repositories. But you could use SVNPath for a specific one. See the SVN
book for the format of that file.

 

A lot of combinations are possible.

 

 

Adrian

________________________________

From: Mark Nowhere [mailto:markwod_at_yahoo.co.uk]
Sent: 16 April 2008 09:59
To: users_at_subversion.tigris.org
Subject: Adding Users and SSL

 

Hi all,
    I've been trying to find a sucent guid to setting up users and SSL
with SVN.

I've got it running ok (Windows) with apache 2.0. All seems ok, what I'm
uncertian about is the security aspect. I want to be able to permission
only specific users to the repo. What I've read it seems as though the
passwords are simply put in a basic file, not encrypted - not correct
surely?

http://better-scm.berlios.de/subversion/Svn-Win32-Inst-Guide.html

If there are any tutorials re: this please can you let me know.

Thanks

Mark

  

________________________________

Yahoo! for Good helps you make a difference
<http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http:/us.rd.yahoo.c
om/evt=51947/*http:/uk.promotions.yahoo.com/forgood/>
Received on 2008-04-16 13:37:45 CEST

This is an archived mail posted to the Subversion Users mailing list.