
Re: [SAGE] Subversion, passwords and ACLs



Hi Neil,
    You can do this by accessing your Subversion instance through
Apache instead of running the svnserve daemon.  It can be simple or
fairly complex, and Apache will let you restrict or permit access as
you wish in conjunction with the authz files.  It can use Subversion's
local passwd files, which you can use $APACHE_HOME/bin/htpasswd to
maintain.  (Allows non-cleartext passwords on the server.)
     It is also possible to use PAM modules with Apache to do the
authentication ("external" methods to Apache).  So that could be local
accounts but directory services or custom methods should be possible.
For using shell account logins, some concerns are what other access
that password allows to your systems.  A concern might be what happens
if the local shell password is compromised.  You will probably want to
disable client-side password caching in any case.

Hope that helps,
  Gary Studwell

On 1/19/07, Neil Watson <sage@watson-wilson.ca> wrote:
> Suppose I have a Subversion repository:
>
> /trunk/
> /branches/dev
> /branches/qa
>
> I want to be able to limit users to certain directories.  John should
> only be able to access branches/qa.  Jane should only be able to access
> branches/dev.
>
> I can accomplish this using Subversion's authz-db files.  Using this
> method users contact a running Subversion daemon.  Their credentials are
> stored in a password-db file.  I do not like that this file is plain
> text.  I also do not like that this does not give the users a chance to
> change their passwords.
>
> Is there a way to control directory access inside a repository while
> still using UNIX shell accounts for logins?
>
> --
> Neil Watson             | Debian Linux
> System Administrator    | Uptime 6 days
> http://watson-wilson.ca
>
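
A minimal sketch of the Apache setup described in the reply, applied to the john/jane layout from the question. This is an added example, not part of the original thread; the URL path, repository path, file locations and realm name are assumptions.

```apache
# Added example: mod_dav_svn + mod_authz_svn with hashed passwords.
# All paths and the /svn URL are assumed; adjust to the local layout.
LoadModule dav_svn_module   modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn>
    DAV svn
    SVNPath /srv/svn/repo                 # assumed repository location

    # Basic auth sends the password with every request, so refuse
    # plain HTTP (requires mod_ssl and an HTTPS virtual host).
    SSLRequireSSL

    AuthType Basic
    AuthName "Subversion repository"
    # Hashed entries maintained with htpasswd, e.g.:
    #   htpasswd -c /etc/apache2/svn.htpasswd john   (first user, creates file)
    #   htpasswd    /etc/apache2/svn.htpasswd jane   (later users)
    AuthUserFile /etc/apache2/svn.htpasswd

    # Per-directory rules inside the repository.
    AuthzSVNAccessFile /etc/apache2/svn.authz
    Require valid-user
</Location>

# Contents of /etc/apache2/svn.authz (same format as svnserve's authz-db).
# With SVNPath the section names are paths inside the single repository.
#
#   [/]
#   * =
#
#   [/branches/qa]
#   john = rw
#
#   [/branches/dev]
#   jane = rw
#
# "* =" at the root denies everyone by default, so each user only
# reaches the branch explicitly granted below it.
```

With this layout john checks out `/svn/branches/qa` directly; a request for `/svn/trunk` or `/svn/branches/dev` under his credentials is refused by the authz rules even though authentication succeeds.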