[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Password management tools for Subversion web access?

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Wed, 6 Jun 2012 11:50:29 -0400

I use subversion edge. It has a UI that allows you to add accounts and manage passwords... and users can change their own passwords. Yes, it does run on the SVN server.

However, I have set up SSPI so users are authenticated with their Windows domain account. I think there are similar authentication methods in a non-windows shop. This way, I don't have to manage passwords... the IT password policies pass thru... and all I have to do to manage this is add/remove people from a domain group.

BOb

From: Nico Kadel-Garcia [mailto:nkadel_at_gmail.com]
Sent: Tuesday, June 05, 2012 9:25 PM
To: Subversion
Subject: Password management tools for Subversion web access?

I'm looking at a Subversion setup that would benefit from a webform to alter user passwords. The existing tools are..... limited. There are some that can set passwords for ".htpassword", but have no tools for adding or deleting accounts, and have no hooks for themselves submitting the resulting .htpasswd file to Subversion on a master server. And I do *not* want to run a key Subversion repository on the same exposed server necessary to manage the passwords, it would just get..... adventurous in terms of security.

Is there a toolkit out there for integrating the following tasks?

     * Allowing authenticated Subversion users to alter their passwords?
     * Allowing authenticated admins to add or delete accounts?
     * Publishing the updated .htpasswd or similar file to a primary Subversion repository securely and robustly?
     * Incorporating changes to that .htpasswd or similar file that are added by authorized users for other means (for security management reasons)?
Received on 2012-06-06 17:51:00 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.