Matthew Wilson via RT wrote:
Show quoted text>> Would it be acceptable if SVN::Web queried the repo for authentication
>> information instead?
>
> That would be a great feature, in addition. But our authentication
> credentials and authorization ACLs are not enforced at that tier. We
> have a filesystem repository served by https, using apache's active
> directory authentication. Our authorization ACLs are stored in an
> AuthzSVNAccessFile.
OK. Can you not use Apache URL based controls to limit access to SVN::Web?
I'm not familiar with AuthzSVNAccessFile (yet), so that might be a silly
question.
Show quoted text>> I'm planning on using SVN::Client at the backend, instead of using
>> SVN::Repos (or SVN::Ra) which should provide this sort of thing for
>> free. If the repo requires a username and password I imagine that
>> SVN::Web will use basic authentication (so you'd be advised to run it
>> under https) to get the username and password, and then it will use
>> those credentials when accessing the repo.
>
> That's great, but I don't plan on switching SVN::Web to access the
> repository via https, since that would be far slower, as far as I know.
That's not quite what I mean.
At the moment, SVN::Web can only talk to the repository if the
repository is on a filesystem directly accessible by the SVN::Web process.
When I switch to using SVN::Client you'll be able to specify repo access
using Subversion urls. For example,
repos:
local: file:///path/to/repo
svnweb: svn://jc.ngo.org.uk/
remote:
http://some.host/path/to/repo
With the svn:// and http:// accesses you should be able to piggy back on
the same authorization policies that Subversion enforces for any other
client.
So if you need to make a part of your repository only readable to
authorized users you should be able to do that. Then, when SVN::Web
detects that the access needs authentication it will issue an HTTP Basic
Auth challenge, prompting the browser to ask the user for a username and
password.
It's that last user/pass request that should probably run under https.
N