On Sun, Jul 17, 2011 at 2:07 AM, Andy Canfield <andy.canfi...@pimco.mobi> wrote:
> The most obvious authorization scheme is that of the host server; if there
> is a user named "andy" on that server with a password "jackel" then I would
> like to simply be able to talk to the subversion server as user named "andy"
> password "jackel". This is how ssh and sftp work. But apparently subversion
> can't handle that. True?

Subversion has no built-in security system. It merely plugs into
whatever security system you're using.

A common mechanism is to use LDAP with Apache httpd. LDAP can be used
to interface your Windows Active Directory accounts or Unix accounts.
Thus, your access to Subversion is based upon your system login.

On versions of Subversion 1.5 and greater, the native Subversion
server, svnserve, can use SASL which can integrate with OpenLDAP. Thus,
even svnserve can be configured to work with either Windows or Unix
accounts.

Another solution is to use svn+ssh which uses SSH's security mechanism
to control access to Subversion. Since SSH depends upon the system
user accounts, once again your Subversion account is the same as your
system account. Unix/Linux systems come with an SSH server, but you
can use Bitvise's WinSSHD program to create an SSH server on a Windows
box.

So to answer your question: No, Subversion doesn't use your system
accounts simply because Subversion doesn't handle its own security.

However: Yes, you can use Subversion to use your system accounts
because you can create a plugin mechanism that interfaces with
Subversion's server process.

Worse comes to worse, the svnserve password file is a simple text file
that can be generated automatically based upon some quirky, in-house,
roll-your-own security scheme that some paid-by-the-hour consultant
has invented. I had to do this back when Subversion was at revision
1.3.x. I simply had a crontab that rebuilt the passwd file every few
minutes based upon the password and accounts that other mechanism
used.

-- 
David Weintraub
qazw...@gmail.com
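
The periodic rebuild of the svnserve password file mentioned in the message above, sketched as an added example (not code from the original post or from Subversion). It assumes the other mechanism's accounts are already available as a username-to-password mapping; the function names and the name pattern are hypothetical. The file holds plaintext passwords in a `[users]` section, so the rebuild validates entries, writes with mode 0600 and swaps the file in atomically.

```python
import os
import re
import tempfile

# Conservative user-name pattern (an assumption of this example): it keeps
# newlines, '=', '[' and '#' out of the generated INI-style file.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def render_passwd(accounts):
    """Return svnserve passwd text for a {username: password} mapping."""
    lines = ["[users]"]
    for name, password in sorted(accounts.items()):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe user name: {name!r}")
        # A line break would let a password inject extra entries; padding
        # whitespace is ambiguous in an INI-style value, so reject both.
        if not password or password != password.strip() or re.search(r"[\r\n]", password):
            raise ValueError(f"unsafe password for user {name!r}")
        lines.append(f"{name} = {password}")
    return "\n".join(lines) + "\n"


def write_passwd(accounts, path):
    """Rebuild the file atomically so a reader never sees a partial file."""
    text = render_passwd(accounts)  # validate everything before touching disk
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600; the passwords are plaintext.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".passwd.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(text)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)  # atomic rename within the same directory
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed sample accounts standing in for the other mechanism's data.
    sample = {"andy": "jackel", "build-bot": "s3cret value"}
    print(render_passwd(sample), end="")
```

Run it as the account that svnserve runs under, since the resulting file is readable only by its owner.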
