What is the best way to keep subversion users and passwords in synch with Linux users?

I'm not sure what is best, keeping subversion users and passwords in synch with linux users and passwords or just having linux somehow provide subversion authentication service.

I'd prefer to just maintain only linux users since I find it easy to add and remove users on ubuntu. I'd like to issue the command "sudo adduser developer" and "developer" immediately have access to subversion repositories.

At the moment, I must first create a linux user then create subversion user with the following:

sudo htpasswd -m /var/lib/svn/mainrepo/conf/htpasswd developer

Is there a better way?

Michael Prescott

Posted 2010-01-26T16:37:33.137

Reputation: 3 351

Answers

You need to have apache authenticate against the PAM stack, like the OS does.

Look into mod_auth_pam

Also, perhaps this should be moved to serverfault?

Fahad Sadah

Posted 2010-01-26T16:37:33.137

Reputation: 191

1ockquote>

mod_auth_pam is not supported and/or developed any longer. The original author moved on and it mostly works for Apache 1.3 and 2.0.

Last update was in 2006. – whitequark – 2010-01-26T16:58:29.237

You can use the svn+ssh method described in this serverfault answer (read comments too!), through this has a bunch of inconveniences.

Also you can simply create a script that would add or change user's password through adduser or passwd and instantly set or change svn password. This is probably the most convenient way in this case because developers apparently have no shell access to server and thus cannot change passwords themselves.

AFAIK there are no working PAM (Linux authentication framework) integration available for Subversion, but Apache has them and if you will use SVN over WebDAV you can use them. Here's the mod_dav and mod_dav_svn configuration docs, and this is a module capable of authenticating clients with PAM.

whitequark

Posted 2010-01-26T16:37:33.137

Reputation: 14 146