On Aug 25, 2008, at 11:35 AM, David Weintraub wrote:
> I am not too sure how you're doing things now, so let's go over the
> four different repository access methods:
>
> file://
> <snip>
>
> svn://
>>
> <snip>
>
> svn+ssh://
>>
> <snip>
>
> http://
> Like svn://, this allows the repository to be owned by the same user
> which is running the httpd daemon process. Usually, you use Apache's
> authentication method to setup users which is the same drawback of
> svn://. However, you can use LDAP as your verification system, so the
> passwords and user names are on your LDAP server.
>
> We have such a system setup at our place. The LDAP server is our
> Windows server. If you are under a particular LDAP group, you have
> read access to our Subversion repository. If you are using Unix or
> Linux, you can setup an LDAP server that interacts with your
> /etc/passwd file (or your NIS database). This can be done either by
> having the /etc/passwd file generated from your LDAP server, or by
> having your LDAP server read in entries from your /etc/passwd file.
>
> I think what you may want to do is setup an Apache httpd daemon, and
> use LDAP as your authentication system. Of course, that will involve
> some major system administration which might be beyond your realm, but
> if your users have shell access to the same box that has your
> Subversion repository server, you can't use svn+ssh. And, your only
> other choice would be using svn://, and having to maintain a separate
> authentication system where you setup the passwords and accounts.
>
> --
> David Weintraub
> qazwart_at_gmail.com
Perhaps this is a technicality, but aren't we leaving out https://?
Generally it would work the same as http://, but you can encrypt the
traffic as well. You could probably even require client certificates
and authenticate based on that.
I just configured the SVN repo hosted on our site to use
mod_auth_mysql and check against website user logins. For
organizations that may not have an LDAP server set up or accessible
for authentication, MySQL can be a nice alternative. Coupled with
PHPMyAdmin, it can certainly be easier to maintain.
- Quinn
- application/pkcs7-signature attachment: smime.p7s
Received on 2008-08-26 03:03:58 CEST