At 05:54 PM 7/29/2005 -0400, Barry Warsaw wrote: >Public/private keys would be better, and if anybody knows how to set up >a Subversion server to use these without having to create accounts for >everyone, I think we (the pythong.org admins) would love your help.
From the svnserve man page: -t, --tunnel Causes svnserve to run in tunnel mode, which is just like the inetd mode of operation (serve one connection over stdin/stdout) except that the connection is considered to be pre-authenticated with the username of the current uid. This flag is selected by the client when running over a tunnel agent. --tunnel-user=username When combined with --tunnel, overrides the pre-authenticated username with the supplied username. This is useful in combina- tion with the ssh authorized_key file's "command" directive to allow a single system account to be used by multiple committers, each having a distinct ssh identity. So, it looks like you'd just need to set up public keys for each user, and list them in authorized_keys. Presumably doing something like this: command="/usr/bin/svnserve --root=/svnroot -t --tunnel-user=username",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa [key info here] would therefore do the trick. I've used a similar arrangement for my own CVS repository, but haven't tried it for SVN yet. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com