You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Nico Kadel-Garcia <nk...@gmail.com> on 2012/06/06 03:24:48 UTC

Password management tools for Subversion web access?

I'm looking at a Subversion setup that would benefit from a webform to
alter user passwords. The existing tools are..... limited. There are some
that can set passwords for ".htpassword", but have no tools for adding or
deleting accounts, and have no hooks for themselves submitting the
resulting .htpasswd file to Subversion on a master server. And I do *not*
want to run a key Subversion repository on the same exposed server
necessary to manage the passwords, it would just get..... adventurous in
terms of security.

Is there a toolkit out there for integrating the following tasks?

     * Allowing authenticated Subversion users to alter their passwords?
     * Allowing authenticated admins to add or delete accounts?
     * Publishing the updated .htpasswd or similar file to a primary
Subversion repository securely and robustly?
     * Incorporating changes to that .htpasswd or similar file that are
added by authorized users for other means (for security management reasons)?

RE: Password management tools for Subversion web access?

Posted by Bob Archer <Bo...@amsi.com>.

I use subversion edge. It has a UI that allows you to add accounts and manage passwords... and users can change their own passwords. Yes, it does run on the SVN server.

However, I have set up SSPI so users are authenticated with their Windows domain account. I think there are similar authentication methods in a non-windows shop. This way, I don't have to manage passwords... the IT password policies pass thru... and all I have to do to manage this is add/remove people from a domain group.

BOb

From: Nico Kadel-Garcia [mailto:nkadel@gmail.com]
Sent: Tuesday, June 05, 2012 9:25 PM
To: Subversion
Subject: Password management tools for Subversion web access?

I'm looking at a Subversion setup that would benefit from a webform to alter user passwords. The existing tools are..... limited. There are some that can set passwords for ".htpassword", but have no tools for adding or deleting accounts, and have no hooks for themselves submitting the resulting .htpasswd file to Subversion on a master server. And I do *not* want to run a key Subversion repository on the same exposed server necessary to manage the passwords, it would just get..... adventurous in terms of security.

Is there a toolkit out there for integrating the following tasks?

     * Allowing authenticated Subversion users to alter their passwords?
     * Allowing authenticated admins to add or delete accounts?
     * Publishing the updated .htpasswd or similar file to a primary Subversion repository securely and robustly?
     * Incorporating changes to that .htpasswd or similar file that are added by authorized users for other means (for security management reasons)?