Re: [SAGE] Subversion, passwords and ACLs

[Paul Lussier <p.lussier@comcast.net>]

Neil Watson <sage@watson-wilson.ca> writes:

> Suppose I have a Subversion repository:
>
> /trunk/
> /branches/dev
> /branches/qa
>
> I want to be able to limit users to certain directories.  John should
> only be able to access branches/qa.  Jane should only be able to access
> branches/dev.
>
> I can accomplish this using Subversion's authz-db files.  Using this
> method users contact a running Subversion daemon.  Their credentials are
> stored in a password-db file.  I do not like that this file is plain
> text.  I also do not like that this does not give the user's a chance to
> change their passwords.
>
> Is there a way to control directory access inside a repository while
> still using UNIX shell accounts for logins?

It depends upon how you access svn.  If your svn server is remote,
front-ended by Apache with the svn and dav modules, then you can have
apache do all your authentication/authorization for you, and you
possibilities are limited by apache at that point.

For example, you could auth off of an AD server, or tie MIT Kerberos
and LDAP in if you wanted to.  Another option, if you're just svnserve
and accessing via svn+ssh:// urls is to possible configure something
into the SSH config.  ~/.ssh/authorized_keys can be used to do some
really neat things.

-- 
Seeya,
Paul