Nico Kadel-Garcia <nkadel_at_gmail.com> wrote on 08/31/2009 06:57:30 PM:
> 2009/8/31 David Weintraub <qazwart_at_gmail.com>:
> > Subversion doesn't have its own native security. This is actually a
> > way because it allows you to use external security regimens.
> > For example, we use LDAP and connect to our Active Server via Apache.
> > don't have to worry about setting up users independently. If a user
> > the Windows server's engineering group, they automatically have access
> > Subversion without me doing anything. Once they leave, they have no
> > access.
> > Even better, their Subversion password is the same as their Windows
> > password. No more forgetting their password.
> > If I use ssh+svn://, the operating system handles logging in and out.
> > name and password is the same as my Unix account.
> What? No-no-no-no-no. This is used by some, but the far safer and more
> useful way to do is to designate an svn user, whose
> $HOME/.ssh/authorized_keys file This relies on SSH keys, not
> passwords, which allows single-sign-on style user access by having an
> ssh-agent (or a Gnome or KDE "wallet", which is out of band of
> Subversion's key storage).
> No user passwords. None. Nyet. Nil. Nein. Nada. A user selected
> password is normally used to unlock the relevant SSH key, and a Gnome
> or KDE wallet can manage that. And this way, the repository URLs look
> like 'svn+ssh://svn@reposerver/var/lib/svn/repository', or a similar
> structure. This allows user login to that server to be quite distinct
> and even unnecessary. This is the approach that Sourceforge uses, for
> example. The public SSH key in is set to designate the relevant
> Subversion user based on which key is used. It's a very handy
> approach, and avoids the security issues that I tend to rant about, at
> the cost of some setup time.
This setup is a pain for both the user and the administrator. Additional
steps must be performed by each before work can begin.
(And ssh keys are really no better than a password, you are just
forcing the user to have a different piece of secret information.)
Why not use something like kerberos? Windows will transparently
check out a ticket. No password needed and no additional setup needed
by either the user or the administrator for new users. Granted, this
only works well in a corporate environment, but it is a very big win
when dealing with less technical users...
The beauty of Subversion is that it lets YOU choose the
appropriate authentication method for your environment.
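The single-svn-user layout that Nico describes above (one Unix account, every developer's public key in its authorized_keys, svnserve told which Subversion identity each key represents) is easy to get subtly wrong: if the key line lacks a forced command, the key holder gets a shell as the svn account and owns every repository. The script below is an added example, not code from anyone in this thread; it generates the restricted authorized_keys entries and can pull the mapped user back out of an existing line for auditing. The user names and key material are constructed placeholders, and the svn+ssh URL shape assumed is the one quoted above, with the absolute repository path in the URL (so no -r root is passed to svnserve).

```shell
#!/bin/sh
# Added example: build restricted authorized_keys entries for a shared "svn"
# account so that each SSH key maps to a named Subversion user.
# User names and keys below are constructed placeholders, not real data.

# Emit one authorized_keys line.  The forced command means the key holder can
# only run svnserve in tunnel mode (never a shell), and --tunnel-user makes
# svnserve attribute commits to the mapped name instead of "svn".  The no-*
# options close the usual SSH side channels (port/agent/X11 forwarding, pty).
authorized_keys_line() {
    user=$1
    pubkey=$2
    printf 'command="svnserve -t --tunnel-user=%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$user" "$pubkey"
}

# Recover the tunnel user from an existing line (prints nothing for a line
# without a forced command, which is exactly the line you want to find).
tunnel_user_of() {
    printf '%s\n' "$1" | sed -n 's/.*--tunnel-user=\([^" ]*\).*/\1/p'
}

# Constructed sample mapping, one "svnuser pubkey" per line.
SAMPLE_KEYS='alice ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAlice alice@laptop
bob ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBob bob@desktop'

# Print the complete file to stdout; redirect it into ~svn/.ssh/authorized_keys.
generate_authorized_keys() {
    printf '%s\n' "$SAMPLE_KEYS" | while read -r user key; do
        authorized_keys_line "$user" "$key"
    done
}

generate_authorized_keys
```

With these entries in place, a client checks out with svn+ssh://svn@reposerver/var/lib/svn/repository exactly as quoted above, and the commit author recorded in the repository is alice or bob, not svn. Running tunnel_user_of over each line of the live file is a quick way to spot a key that was pasted in without the forced command.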
Received on 2009-09-01 16:23:08 CEST