5

The SVN annotate feature is quite powerful and makes quick work of who to track down for a particular feature on a particular line of code. This feature is rendered slightly more limited (but still useful) if users access SVN via http. There are no credentials exchanged this way so the annotation shows no name for a line modified by by a developer who uses http to commit a change.

The question is, is there a way for a developer to pass credentials of some sort to SVN on the server to uniquely identify their commit? It is merely the presence of an ID that is required in this environment. Alternate methods such as svn+ssh and file protocols are not available. Finally, this server is on an internal LAN, not public. Tips for https also welcome.

The SVN server is running on Linux with Apache2.

casualcoder
  • 370
  • 1
  • 4
  • 13

4 Answers4

7

Since you are running SVN through Apache, you can take advantage of Apache's built-in authentication methods to control access / track changes to your repository. The sample below will work with an htaccess-style setup:

AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /path/to/user/list
Require valid-user

You can configure this in an htaccess file, or in the VirtualHost configuration file.

nabrond
  • 641
  • 6
  • 10
  • 2
    Also, you can use the many authentication modules (i.e. mod_auth_mysql) to handle authentication in a way that's easier to administer. Apache comes with tons of authentication modules. Make sure you're using ssl (https) as users will be sending private info. – Karl Katzke Jul 16 '09 at 03:39
6

in apache config:

<Location /svn>
    DAV svn
    SVNPath /mnt/big/svn
    AuthType Basic
    AuthName "SVN Server"
    AuthUserFile /etc/apache2/svn.pass
    Require valid-user
    AuthzSVNAccessFile /etc/apache2/svn_authz

and /etc/apache2/svn_authz can contain fine-graned management of who can access what:

[groups]
ops=user1,user2
it=user2,user3

[/]
* = rw

[/ops]
* =
@ops=rw

[/ro]
* = 
@ops = r
@it = r
user4 = rw

if you have ldap / active directory server at hand you can use it instead of AuthUserFile for apache authentication.

pQd
  • 29,561
  • 5
  • 64
  • 106
  • And of course, set up svn.pass just like you you would with any other htaccess auth file. `htpasswd /etc/apache2/svn.pass username` and make sure to restart Apache... I forgot one day Subversion was tied into Apache and didn't realize to restart Apache. hehe – Taylor Jasko Feb 19 '12 at 04:45
1

Short answer: mod_authz_svn

You can have a little about apache + svn + mod_autz_svn and something more in my slides presented to the International PHP Conference '09 available at http://superalbert.it/download/misc/PHPCon09_SVN_advanced.pdf

drAlberT
  • 10,871
  • 7
  • 38
  • 52
1

This answer assumes your developers use Windows and your have a Active Directory domain controller.

You can join the Linux svn server to the domain by following this article.

From there, you configure apache to authenticate to the AD using Kerberos. First install mod_auth_kerb, then connect apache2 to kerberos for authentication. See Microsoft's documenation. Make sure you implement SSL if you are at all worried about the security between the client and the server.

After you are done, user's can log in with their Windows passwords and activities will be assigned to their user.

Unfortunately, I can't get you specific configuration details right now as I am out of the office and don't have access to our svn server.

Swoogan
  • 2,007
  • 1
  • 13
  • 21