[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security features, path based authorization in subversion

From: John Peacock <john.peacock_at_havurah-software.org>
Date: Mon, 25 Aug 2008 14:16:12 -0400

David Weintraub wrote:
> svn+ssh://
> The advantage of this system is that it can use the OS's
> authentication system. The disadvantage is that it works by creating a
> separate svnserve process for each user. Any user who has access to
> the repository via svn+ssh:// also has access (if they can log into
> the box) with file:/// access too. There are all sorts of tricks to
> keep users out of a shell when setting up ssh, but if your users need
> shell access to that box, you're out of luck.

I'm sorry but you are mistaken. It is definitely possible to set up
svn+ssh:// to use a single account to access the repository, and yet
have each users public key perform both authentication and
authorization. This has no impact on whether the users also need shell
access, nor does it in any way allow the users to access the repo via
file:// if they do have a shell account.

See Trick #4 for details:

        http://svn.collab.net/repos/svn/trunk/notes/ssh-tricks

John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-25 20:16:38 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.