[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion: existing users

From: David Weintraub <qazwart_at_gmail.com>
Date: Wed, 20 Jul 2011 12:33:53 -0400

On Sun, Jul 17, 2011 at 2:07 AM, Andy Canfield <andy.canfield_at_pimco.mobi> wrote:
> The most obvious authorization scheme is that of the host server; if there
> is a user named "andy" on that server with a password "jackel" then I would
> like to simply be able to talk to the subversion server as user named "andy"
> password "jackel". This is how ssh and sftp work. But apparently subversion
> can't handle that. True?

Subversion has no built in security system. It merely plugs into
whatever security system you're using.

A common mechanism is to use LDAP with Apache httpd. LDAP can be used
to interface your Windows Active Directory accounts or Unix accounts.
Thus, your access to Subversion is based upon your system login.

On versions of Subversion 1.5 and greater, the native Subversion
server, svnserve can use SASL which can integrate with OpenLDAP. Thus,
even svnserve can be configured to work with either WIndows or Unix
accounts.

Another solution is to use svn+ssh which uses SSH's security mechanism
to control access to Subversion. Since SSH depends upon the system
user accounts, once again your Subversion account is the same as your
system account. Unix/Linux systems come with an SSH server, but you
can use Bitvise's WinSSHD program to create a SSH server on a Windows
box.

So to answer your question: No, Subversion doesn't use your system
accounts simply because Subversion doesn't handle its own security.

However: Yes, you can use Subversion to use your system accounts
because you can create a plugin mechanism that interface with
Subversion's server process.

Worse comes to worse, the svnserve password file is a simple text file
that can be generated automatically based upon some quirky, in house,
roll your own security scheme that some paid-by-the-hour consultant
has invented. I had to do this back when Subversion was at revision
1.3.x. I simply had a crontab that rebuilt the passwd file every few
minutes based upon the password and accounts that other mechanism
used.

-- 
David Weintraub
qazwart_at_gmail.com
Received on 2011-07-20 18:34:27 CEST

This is an archived mail posted to the Subversion Users mailing list.