Posted to dev@subversion.apache.org by "C. Michael Pilato" <cm...@collab.net> on 2009/07/30 17:59:39 UTC

WARNING: Upcoming authn/authz policy change for svn.collab.net

C. Michael Pilato wrote:
> I'm contemplating a relatively minor change of authn/authz policy for
> svn.collab.net.  Specifically, I'd like to make two changes:
> 
> 1.  Allow authenticated repository access only over SSL connections, and
> anonymous repository access only over non-SSL connections.  This means we
> can stop using throw-away passwords for this server.
> 
> 2.  Unify the password files on the server into one.  Some of our
> repositories already only allow SSL access (because we keep more sensitive
> data there), so we have a separate htpasswd file for those where folks
> currently put better passwords.  But maintaining those files isn't as
> routine and automated as managing our regular svn commit access files, even
> though there are patterns we could employ to accomplish this.  But why have
> patterns when you can technically guarantee the results you want?
> 
> Overall, this should greatly simplify things over the status quo, which offers:
> 
> - for one repos, anonymous read / authenticated write / no path-based authz
> / SSL or non-SSL
> 
> - for another repos, anonymous read / authenticated read+write / path-based
> authz / SSL or non-SSL
> 
> - for a third repos, authenticated read+write, SSL-only
> 
> Confused yet?  Yeah.
> 
> The only downside I can think of here is that committers will require
> SSL-enabled Subversion clients.  While this might not be a problem for most
> of us, it's not clear to me how that affects our casual users (translators,
> contrib maintainers, etc.)
> 
> Thoughts?

By now, I really should know better than to just leave discussions of this
sort open.  So I've tweaked the Subject line, and I'm amending the above to
include, "Unless I get strong objections in the next couple of days, I'll be
making this change."

-- 
C. Michael Pilato <cm...@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2377078

Re: WARNING: Upcoming authn/authz policy change for svn.collab.net

Posted by "C. Michael Pilato" <cm...@collab.net>.
C. Michael Pilato wrote:
> Around 10pm or 11pm tonight (U.S. Eastern time), I'm going to take
> svn.collab.net offline for a bit to make these authn/authz simplifications
> I've been talking about.  Here's the updated plan:
> 
>    * There will be a single password file for all repositories on this box.
>      When merging password files, any password clashes for a given username
>      will be resolved such that the password used for the most secure
>      repository will win.
> 
>    * Non-SSL access to repositories and ViewVC will be anonymous only.  No
>      more authentication for non-SSL access, period.
> 
>    * SSL access will have the same authentication requirements as currently
>      exist, with one notable exception:  today we have both '/repos/svn-org'
>      and '/repos/svn-org-no-anon' locations, required because of
>      http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html .  In
>      the future, we'll still have two "locations" for this repository:  one
>      is "accessed via SSL, authn required" and the other is "accessed
>      without SSL, authn-free, without permission to see the private portions
>      of the repository."  Both of these will use the URI path /repos/svn-org
>      as expected.
> 

This work is done now.  Items of interest include:

* If you have an 'svn' repository working copy checked out without SSL and
you try to commit, you will get a MKACTIVITY error.  Why?  Because non-SSL
access is no longer authn-gated, so Apache sees no username, so you get no
commit.  'svn switch --relocate' is your friend.

* Here's the list of people whose 'svn' commit passwords were overwritten
with the password used for more sensitive repositories: rooneg, jrepenning,
maxb, breser.

* As an added bonus, ViewVC can now be used to view all the repositories on
the system.  It's configured to honor the Subversion authz rules, anonymous
over non-SSL and authenticated over SSL.

Technically, we should probably update hacking.html and related docs to
recommend that developers check out http*S*://svn.collab.net/repos/svn/...

Finally, all these configuration changes were versioned, so if folks start
complaining, it should be pretty trivial to revert them all.


-- 
C. Michael Pilato <cm...@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2382758
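
The password-file merge rule described in the message above ("the password used for the most secure repository will win"), as an added example that is not part of the original thread and not the script used on svn.collab.net. It assumes htpasswd-format input (one `user:hash` per line); the function names, usernames and hashes are constructed for illustration.

```python
# Added example: merge htpasswd-style files so that, on a username clash,
# the entry from the most sensitive repository's file wins.
# Function names and sample data are hypothetical, not from the thread.

def parse_htpasswd(text):
    """Return {username: hash} from htpasswd-format text (user:hash per line)."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, pw_hash = line.partition(":")
        if not sep or not user or not pw_hash:
            raise ValueError(f"line {lineno}: malformed htpasswd entry")
        entries[user] = pw_hash
    return entries


def merge_htpasswd(files_by_sensitivity):
    """Merge parsed files listed from most to least sensitive.

    Returns (merged, overwritten). merged maps username -> winning hash.
    overwritten lists users whose less-sensitive entry was discarded
    because its hash differed; with salted hash formats a differing hash
    can still be the same password, so treat the list as "notify these
    users", not as proof that the password changed.
    """
    merged, overwritten = {}, set()
    for entries in files_by_sensitivity:
        for user, pw_hash in entries.items():
            if user not in merged:
                merged[user] = pw_hash
            elif merged[user] != pw_hash:
                overwritten.add(user)
    return merged, sorted(overwritten)


# Constructed sample data; hashes are placeholders, not real credentials.
SSL_ONLY = "alice:{SHA}PLACEHOLDER-strong-a\nbob:{SHA}PLACEHOLDER-strong-b\n"
REGULAR = ("alice:{SHA}PLACEHOLDER-weak-a\n"
           "carol:{SHA}PLACEHOLDER-weak-c\n"
           "bob:{SHA}PLACEHOLDER-strong-b\n")

if __name__ == "__main__":
    merged, overwritten = merge_htpasswd(
        [parse_htpasswd(SSL_ONLY), parse_htpasswd(REGULAR)])
    for user in sorted(merged):
        print(f"{user}:{merged[user]}")
    print("overwritten:", ", ".join(overwritten))
```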

Re: WARNING: Upcoming authn/authz policy change for svn.collab.net

Posted by "C. Michael Pilato" <cm...@collab.net>.
Around 10pm or 11pm tonight (U.S. Eastern time), I'm going to take
svn.collab.net offline for a bit to make these authn/authz simplifications
I've been talking about.  Here's the updated plan:

   * There will be a single password file for all repositories on this box.
     When merging password files, any password clashes for a given username
     will be resolved such that the password used for the most secure
     repository will win.

   * Non-SSL access to repositories and ViewVC will be anonymous only.  No
     more authentication for non-SSL access, period.

   * SSL access will have the same authentication requirements as currently
     exist, with one notable exception:  today we have both '/repos/svn-org'
     and '/repos/svn-org-no-anon' locations, required because of
     http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html .  In
     the future, we'll still have two "locations" for this repository:  one
     is "accessed via SSL, authn required" and the other is "accessed
     without SSL, authn-free, without permission to see the private portions
     of the repository."  Both of these will use the URI path /repos/svn-org
     as expected.

-- 
C. Michael Pilato <cm...@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2382690