On Sun, Jul 17, 2011 at 2:07 AM, Andy Canfield <andy.canfield_at_pimco.mobi> wrote:
> The most obvious authorization scheme is that of the host server; if there
> is a user named "andy" on that server with a password "jackel" then I would
> like to simply be able to talk to the subversion server as user named "andy"
> password "jackel". This is how ssh and sftp work. But apparently subversion
> can't handle that. True?
Subversion has no built in security system. It merely plugs into
whatever security system you're using.
A common mechanism is to use LDAP with Apache httpd. LDAP can be used
to interface your Windows Active Directory accounts or Unix accounts.
Thus, your access to Subversion is based upon your system login.
On versions of Subversion 1.5 and greater, the native Subversion
server, svnserve can use SASL which can integrate with OpenLDAP. Thus,
even svnserve can be configured to work with either WIndows or Unix
Another solution is to use svn+ssh which uses SSH's security mechanism
to control access to Subversion. Since SSH depends upon the system
user accounts, once again your Subversion account is the same as your
system account. Unix/Linux systems come with an SSH server, but you
can use Bitvise's WinSSHD program to create a SSH server on a Windows
So to answer your question: No, Subversion doesn't use your system
accounts simply because Subversion doesn't handle its own security.
However: Yes, you can use Subversion to use your system accounts
because you can create a plugin mechanism that interface with
Subversion's server process.
Worse comes to worse, the svnserve password file is a simple text file
that can be generated automatically based upon some quirky, in house,
roll your own security scheme that some paid-by-the-hour consultant
has invented. I had to do this back when Subversion was at revision
1.3.x. I simply had a crontab that rebuilt the passwd file every few
minutes based upon the password and accounts that other mechanism
Received on 2011-07-20 18:34:27 CEST