
Re: svn Farm

From: jehan procaccia <jehanproc2_at_gmail.com>
Date: Sat, 09 Oct 2010 21:05:10 +0200

On 09/10/2010 20:40, Nico Kadel-Garcia wrote:
> svn+ssh is the most secure, but it conflicts with your desire for LDAP
> access. The SSH keys normally live under a single user's account, the
> user who owns the repository, who should have a locked password. You
> see why this conflicts with LDAP based user information and logins?
>
>
No, I don't see why it conflicts?
Here's my scenario again:
1) I set and manage all repositories with a unique local unix account
(for example username svn!); that account issues all "svn create" and
owns the repos filesystem directories.
2) Enable the server to resolve ldapusers (pam & nss ldap), so that the
--tunnel-user=ldapusername option (see 3 below) works.
3) Then add ldap users' public ssh keys to the ~/.ssh/authorized_keys of
that unique svn manager account, as in:
    command="svnserve -t --tunnel-user=ldapusername" ssh-rsa KEYXXXXX... COMMENT
The sysadmin (me) will have to find a way to push ldapusers' public
keys to that unique svn manager (script/CGI ...).

Anything wrong in that scenario?

Thanks.
Received on 2010-10-11 01:37:52 CEST
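
The authorized_keys entries described in step 3 of the message above could be generated by a script along these lines (an added example, not part of the original post; the function names, the username pattern and the key-type allow-list are assumptions). It rejects usernames or keys that could break out of the command="..." option, and adds the OpenSSH no-port-forwarding, no-agent-forwarding, no-X11-forwarding and no-pty options so a pushed key can only run svnserve.

```python
import base64
import re

# Assumption: LDAP uids are limited to this conservative character set.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
# Restrictions so the key can only run svnserve, never a shell or a tunnel.
RESTRICTIONS = "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"


def authorized_keys_line(username, pubkey):
    """Return one authorized_keys entry pinning pubkey to svnserve as username."""
    # fullmatch: a quote, space or newline could escape the command="..." option.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"unsafe username: {username!r}")
    pubkey = pubkey.strip()
    fields = pubkey.split(None, 2)
    if "\n" in pubkey or len(fields) < 2:
        raise ValueError("public key must be one line: TYPE BASE64 [COMMENT]")
    key_type, blob = fields[0], fields[1]
    if key_type not in ALLOWED_KEY_TYPES:
        raise ValueError(f"unexpected key type: {key_type!r}")
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The decoded blob starts with a length-prefixed copy of the key type.
    name_len = int.from_bytes(raw[:4], "big")
    if raw[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("key blob does not match declared key type")
    # The submitted comment is dropped; the LDAP name is written instead.
    return (f'command="svnserve -t --tunnel-user={username}",'
            f"{RESTRICTIONS} {key_type} {blob} {username}")


def constructed_sample_key():
    """Build a well-formed but meaningless ssh-ed25519 key (constructed data)."""
    name = b"ssh-ed25519"
    raw = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(raw).decode() + " laptop"


if __name__ == "__main__":
    print(authorized_keys_line("ldapusername", constructed_sample_key()))
```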

This is an archived mail posted to the Subversion Users mailing list.
