[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Subversion, passwords and ACLs

To: sage-members@sage.org
Subject: Re: [SAGE] Subversion, passwords and ACLs
From: "Jason Dusek" <jsn@j-s-n.org>
Date: Fri, 19 Jan 2007 20:54:04 -0800
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=WvVtln1oaztSq37pLUwZjMzrnDZZ3MVKOocL61fLkQQB6rIsbq1VZroO6vqWvTahVfS0x6paCXDJoDaGMKzHmuGg1bQF9DgXkh2FvCVYPACUF6W5suxUM2fmGKaJicepZpBub++b9ByjpAKArU9m5IdrkayjLj+s1xvI52G1HOg=
In-Reply-To: <20070119161746.GA31925@watson-wilson.ca>
References: <20070119161746.GA31925@watson-wilson.ca>
Sender: owner-sage-members@usenix.org

On 1/19/07, Neil Watson <sage@watson-wilson.ca> wrote:
> Is there a way to control directory access inside a repository while
> still using UNIX shell accounts for logins?

The short answer is "no". The long answer involves Apache over SSL and
HTTP Basic Authentication. Use the <Location /foo/bar> directives to
protect the directories you are interested in, and then set up Apache
to authenticate in one of two ways:

    the bad way:
        Hook HTTP Basic Authentication to your UNIX password file.

    the good way:
        Set up both PAM and HTTP Basic Authentication to defer to LDAP or
        some similar service. You can set up LDAP to talk to a pipe instead
        of a network socket, essentially network proofing your authentication
        mechanism.

-- 
_jsn

References:
- [SAGE] Subversion, passwords and ACLs
  - From: Neil Watson <sage@watson-wilson.ca>

Prev by Date: Re: [SAGE] Subversion, passwords and ACLs
Next by Date: Re: [SAGE] Subversion, passwords and ACLs
Prev by thread: Re: [SAGE] Subversion, passwords and ACLs
Next by thread: Re: [SAGE] Subversion, passwords and ACLs
Index(es):
- Date
- Thread