问题
I've set up a Ubuntu Server for Subversion with Apache/WebDAV interface to share repositories with other developers. My question is, how can I make Subversion use the linux system accounts for authentication? This would lead to very easy Subversion account management. Subversion with Apache/WebDAV is currently working with this configuration:
Contents of /etc/apache2/mods-available/dav_svn.conf:
<Location /svn>
DAV svn
SVNParentPath /home/svn
SVNListParentPath On
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
</Location>
I have tried changing AuthUserFile /etc/apache2/dav_svn.passwd
with AuthUserFile /etc/shadow
with no success. This makes the server to respond with a error 500 internal server error. It's logical, why the Web service should have access to system authentication file?
Thanks a lot in advance!
回答1:
Ok! I did it! And I thought it would be very hard to find the answer!
We have to tell Apache to use an "external authentication provider", Apache won't be checking for authentication, but will delegate the task to an external authenticator, in this case, the marvellous pwauth.
So the steps I did to make it work was:
Install Mod_Auth_External module for Apache2 and pwauth
sudo apt-get install libapache2-mod-authnz-external pwauth
Enabled the new module for Apache:
sudo a2enmod authnz_external
in terminal.Configured my
apache.conf
(or you may havehttpd.conf
) to add the external authenticator (based on this article):AddExternalAuth pwauth /usr/local/libexec/pwauth SetExternalAuthMethod pwauth pipe
Edited my
/etc/apache2/mods-available/dav_svn.conf
to set the new external auth provider:... AuthType Basic AuthName "Subversion Repository" AuthBasicProvider external AuthExternal pwauth Require valid-user ...
Tested and worked fine!
回答2:
Couldn't you use ssh to access subversion repositories instead of WebDAV?
svn checkout svn+ssh://user@server:/home/svn/repository/trunk
回答3:
I can't comment yet, but wanted to add that in Ubuntu 12.04 the path of pwauth
has changed so now this should be
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
and this can be conveniently placed in a separate file inside etc/apache2/conf.d
来源:https://stackoverflow.com/questions/4522941/how-to-make-subversion-use-linux-system-accounts-for-authentication