ssh + svn - pam
Brian St. Pierre
brian at bstpierre.org
Fri Jul 8 07:24:07 EDT 2011
On Thu, Jul 7, 2011 at 5:04 PM, Kenny Lussier <klussier at gmail.com> wrote:
> Many many (many) moons ago, I had set up an svn server at a company. I
> remember setting it up so that it was svn+ssh, but it didn't require
> local accounts in /etc/passwd, it just used accounts out of the
> repositories passwd-db. I can't seem to remember how I did this, and I
> can't seem to find a way to do it now. This leads me to believe that
> my memory is failing.
Quoting from:
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks.fixedcmd
It's also possible to have multiple users share a single account.
Instead of creating a separate system account for each user, generate
a public/private key pair for each person. Then place each public key
into the authorized_keys file, one per line, and use the --tunnel-user
option:
command="svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry@example.com
command="svnserve -t --tunnel-user=sally" TYPE2 KEY2 sally@example.com
This example allows both Harry and Sally to connect to the same
account via public key authentication. Each of them has a custom
command that will be executed; the --tunnel-user option tells svnserve
to assume that the named argument is the authenticated user. Without
--tunnel-user, it would appear as though all commits were coming from
the one shared system account.
Gitolite uses a similar technique with git:
http://sitaramc.github.com/gitolite/doc/gitolite-and-ssh.html
--
Brian St. Pierre
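
Added example, not part of the original post or of the svn book: a small audit of the shared account's authorized_keys file that flags any key without the forced svnserve command or without OpenSSH's forwarding and pty restrictions, since such a key gives more than Subversion access to the shared account. The sample entries and key blobs are constructed, parse_options and audit are hypothetical helper names, and the check assumes the forced command has exactly the form quoted above.

```python
import re

# OpenSSH authorized_keys options that keep a shared-account key limited to svnserve.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
FORCED = re.compile(r"svnserve -t --tunnel-user=[A-Za-z0-9._-]+")
OPTION = re.compile(r'([\w-]+)(?:="((?:[^"\\]|\\.)*)")?(,|\s+|$)')

SAMPLE = """\
# constructed sample for a shared "svn" account; key blobs are placeholders
command="svnserve -t --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3...harry harry@example.com
command="svnserve -t --tunnel-user=sally" ssh-ed25519 AAAAC3...sally sally@example.com
ssh-rsa AAAAB3...bob bob@example.com
restrict,command="svnserve -t --tunnel-user=carol" ssh-ed25519 AAAAC3...carol carol@example.com
"""


def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    opts, pos = {}, 0
    if line.startswith(KEY_TYPES):          # line starts with the key type: no options
        return opts
    while (m := OPTION.match(line, pos)):
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if m.group(3) != ",":               # whitespace ends the options field
            break
    return opts


def audit(text):
    """Return {line_number: [problems]} for entries that need fixing."""
    findings = {}
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        problems = []
        if not FORCED.fullmatch(opts.get("command", "")):
            problems.append("no forced 'svnserve -t --tunnel-user=NAME' command")
        if "restrict" not in opts:          # 'restrict' turns all of REQUIRED on at once
            problems += sorted(f"missing {o}" for o in REQUIRED - set(opts))
        if problems:
            findings[n] = problems
    return findings


if __name__ == "__main__":
    for n, problems in audit(SAMPLE).items():
        print(f"line {n}: " + "; ".join(problems))
```

On the sample, the harry and carol entries pass, and the sally and bob entries are reported.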