You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@allura.apache.org by 王再國 <wa...@gmail.com> on 2013/05/14 04:56:50 UTC
SCM Auth & Allura Auth
hi:
Allura auth.method = ldap or Local
if use the ldap. SCM can setting auth use ldap.
if use Local. SCM how to auth use Allura account?
sourceforge how to auth? old sourceforge & allura & scm & other app.
wangaguo
Re: SCM Auth & Allura Auth
Posted by Cory Johns <cj...@slashdotmedia.com>.
Sorry for the delayed response; it was a holiday weekend.
Here's a super simple (untested) LAP implementation that adds the user to
the local system with the same password as in Allura:
https://sourceforge.net/p/allura/pastebin/51a4d156d46bb46b81684997/
I'm not certain that the options given to useradd are right, but that's the
general idea of what I was thinking.
On Thu, May 23, 2013 at 4:24 AM, 王再國 <wa...@gmail.com> wrote:
> many thank.
> But I don't know how to write LocalAuthenticationProvider for http; svn;
> ssh protocol to use same as the Allura password.
> If possible. Can you give me some example?
>
> wangaguo
>
> 2013/5/18 Cory Johns <cj...@slashdotmedia.com>
>
>> Each protocol uses a different authentication methods, but for the ones
>> that use local accounts (e.g., ssh, git under some configurations), you
>> could indeed have your LocalAuthenticationProvider subclass set the local
>> account password to the same as the Allura password.
>>
>>
>> On Thu, May 16, 2013 at 4:55 AM, 王再國 <wa...@gmail.com> wrote:
>>
>>> hi:
>>> yes, I asking about "how to integrate authentication in Allura with
>>> authentication for SCM access.".
>>> I am sorry for my english is not so good.
>>>
>>> We want use allura build a production forge site. Not a private forge.
>>> I have implemented subverion server. Include http; svn; ssh protocol.
>>> Use schroot; FUSE; LDAP. But LDAP no sync with Allura.
>>> And I want use LocalAuthenticationProvider not LDAP.
>>>
>>> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
>>> API.
>>> But, ssh; https; svn; git; protocol need login authentication.
>>> If use API or subprocess calls to register a new user on SCM. How to set
>>> the password?
>>> Allura user password encode same with the linux password encode?
>>>
>>> wangaguo
>>>
>>>
>>> 2013/5/15 Cory Johns <cj...@slashdotmedia.com>
>>>
>>>> I believe you are asking about how to integrate authentication in
>>>> Allura with authentication for SCM access; if I have misunderstood your
>>>> question, I apologize.
>>>>
>>>> In order to create, refresh, or remove repositories, the Allura taskd
>>>> worker needs to have file system write permissions to the SCM folders, but
>>>> for most normal operation it really only needs read access. Beyond that,
>>>> it doesn't put any restrictions on authentication for SCM access itself.
>>>>
>>>> LDAP would certainly work to manage authentication, but it comes with
>>>> its own complications and I don't really have any experience setting up
>>>> LDAP for the SCM auth management.
>>>>
>>>> There are a couple of approaches you could take for integrating local
>>>> authentication with the SCM. You could create a
>>>> LocalAuthenticationProvider subclass that registered new users with the SCM
>>>> authentication system via its API or subprocess calls. For example, if you
>>>> are using local system account authentication (e.g., git over ssh), the
>>>> provider would need to call useradd via subprocess.
>>>>
>>>> Alternatively, you could use a single system user, possibly combined
>>>> with something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>>>> filesystem to enforce access. There is an implementation in the Allura
>>>> project under fuse/accessfs.py and documentation for using it under
>>>> Allura/docs/scm_host.rst. This approach is more or less what we use at
>>>> SourceForge.
>>>>
>>>>
>>>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wa...@gmail.com> wrote:
>>>>
>>>>> hi:
>>>>> Allura auth.method = ldap or Local
>>>>>
>>>>> if use the ldap. SCM can setting auth use ldap.
>>>>> if use Local. SCM how to auth use Allura account?
>>>>>
>>>>> sourceforge how to auth? old sourceforge & allura & scm & other app.
>>>>>
>>>>> wangaguo
>>>>>
>>>>
>>>>
>>>
>>
>
Re: SCM Auth & Allura Auth
Posted by 王再國 <wa...@gmail.com>.
many thank.
But I don't know how to write LocalAuthenticationProvider for http; svn;
ssh protocol to use same as the Allura password.
If possible. Can you give me some example?
wangaguo
2013/5/18 Cory Johns <cj...@slashdotmedia.com>
> Each protocol uses a different authentication methods, but for the ones
> that use local accounts (e.g., ssh, git under some configurations), you
> could indeed have your LocalAuthenticationProvider subclass set the local
> account password to the same as the Allura password.
>
>
> On Thu, May 16, 2013 at 4:55 AM, 王再國 <wa...@gmail.com> wrote:
>
>> hi:
>> yes, I asking about "how to integrate authentication in Allura with
>> authentication for SCM access.".
>> I am sorry for my english is not so good.
>>
>> We want use allura build a production forge site. Not a private forge.
>> I have implemented subverion server. Include http; svn; ssh protocol.
>> Use schroot; FUSE; LDAP. But LDAP no sync with Allura.
>> And I want use LocalAuthenticationProvider not LDAP.
>>
>> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
>> API.
>> But, ssh; https; svn; git; protocol need login authentication.
>> If use API or subprocess calls to register a new user on SCM. How to set
>> the password?
>> Allura user password encode same with the linux password encode?
>>
>> wangaguo
>>
>>
>> 2013/5/15 Cory Johns <cj...@slashdotmedia.com>
>>
>>> I believe you are asking about how to integrate authentication in Allura
>>> with authentication for SCM access; if I have misunderstood your question,
>>> I apologize.
>>>
>>> In order to create, refresh, or remove repositories, the Allura taskd
>>> worker needs to have file system write permissions to the SCM folders, but
>>> for most normal operation it really only needs read access. Beyond that,
>>> it doesn't put any restrictions on authentication for SCM access itself.
>>>
>>> LDAP would certainly work to manage authentication, but it comes with
>>> its own complications and I don't really have any experience setting up
>>> LDAP for the SCM auth management.
>>>
>>> There are a couple of approaches you could take for integrating local
>>> authentication with the SCM. You could create a
>>> LocalAuthenticationProvider subclass that registered new users with the SCM
>>> authentication system via its API or subprocess calls. For example, if you
>>> are using local system account authentication (e.g., git over ssh), the
>>> provider would need to call useradd via subprocess.
>>>
>>> Alternatively, you could use a single system user, possibly combined
>>> with something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>>> filesystem to enforce access. There is an implementation in the Allura
>>> project under fuse/accessfs.py and documentation for using it under
>>> Allura/docs/scm_host.rst. This approach is more or less what we use at
>>> SourceForge.
>>>
>>>
>>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wa...@gmail.com> wrote:
>>>
>>>> hi:
>>>> Allura auth.method = ldap or Local
>>>>
>>>> if use the ldap. SCM can setting auth use ldap.
>>>> if use Local. SCM how to auth use Allura account?
>>>>
>>>> sourceforge how to auth? old sourceforge & allura & scm & other app.
>>>>
>>>> wangaguo
>>>>
>>>
>>>
>>
>
Re: SCM Auth & Allura Auth
Posted by Cory Johns <cj...@slashdotmedia.com>.
Each protocol uses a different authentication methods, but for the ones
that use local accounts (e.g., ssh, git under some configurations), you
could indeed have your LocalAuthenticationProvider subclass set the local
account password to the same as the Allura password.
On Thu, May 16, 2013 at 4:55 AM, 王再國 <wa...@gmail.com> wrote:
> hi:
> yes, I asking about "how to integrate authentication in Allura with
> authentication for SCM access.".
> I am sorry for my english is not so good.
>
> We want use allura build a production forge site. Not a private forge.
> I have implemented subverion server. Include http; svn; ssh protocol.
> Use schroot; FUSE; LDAP. But LDAP no sync with Allura.
> And I want use LocalAuthenticationProvider not LDAP.
>
> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
> API.
> But, ssh; https; svn; git; protocol need login authentication.
> If use API or subprocess calls to register a new user on SCM. How to set
> the password?
> Allura user password encode same with the linux password encode?
>
> wangaguo
>
>
> 2013/5/15 Cory Johns <cj...@slashdotmedia.com>
>
>> I believe you are asking about how to integrate authentication in Allura
>> with authentication for SCM access; if I have misunderstood your question,
>> I apologize.
>>
>> In order to create, refresh, or remove repositories, the Allura taskd
>> worker needs to have file system write permissions to the SCM folders, but
>> for most normal operation it really only needs read access. Beyond that,
>> it doesn't put any restrictions on authentication for SCM access itself.
>>
>> LDAP would certainly work to manage authentication, but it comes with its
>> own complications and I don't really have any experience setting up LDAP
>> for the SCM auth management.
>>
>> There are a couple of approaches you could take for integrating local
>> authentication with the SCM. You could create a
>> LocalAuthenticationProvider subclass that registered new users with the SCM
>> authentication system via its API or subprocess calls. For example, if you
>> are using local system account authentication (e.g., git over ssh), the
>> provider would need to call useradd via subprocess.
>>
>> Alternatively, you could use a single system user, possibly combined with
>> something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>> filesystem to enforce access. There is an implementation in the Allura
>> project under fuse/accessfs.py and documentation for using it under
>> Allura/docs/scm_host.rst. This approach is more or less what we use at
>> SourceForge.
>>
>>
>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wa...@gmail.com> wrote:
>>
>>> hi:
>>> Allura auth.method = ldap or Local
>>>
>>> if use the ldap. SCM can setting auth use ldap.
>>> if use Local. SCM how to auth use Allura account?
>>>
>>> sourceforge how to auth? old sourceforge & allura & scm & other app.
>>>
>>> wangaguo
>>>
>>
>>
>
Re: SCM Auth & Allura Auth
Posted by 王再國 <wa...@gmail.com>.
hi:
yes, I asking about "how to integrate authentication in Allura with
authentication for SCM access.".
I am sorry for my english is not so good.
We want use allura build a production forge site. Not a private forge.
I have implemented subverion server. Include http; svn; ssh protocol.
Use schroot; FUSE; LDAP. But LDAP no sync with Allura.
And I want use LocalAuthenticationProvider not LDAP.
FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
API.
But, ssh; https; svn; git; protocol need login authentication.
If use API or subprocess calls to register a new user on SCM. How to set
the password?
Allura user password encode same with the linux password encode?
wangaguo
2013/5/15 Cory Johns <cj...@slashdotmedia.com>
> I believe you are asking about how to integrate authentication in Allura
> with authentication for SCM access; if I have misunderstood your question,
> I apologize.
>
> In order to create, refresh, or remove repositories, the Allura taskd
> worker needs to have file system write permissions to the SCM folders, but
> for most normal operation it really only needs read access. Beyond that,
> it doesn't put any restrictions on authentication for SCM access itself.
>
> LDAP would certainly work to manage authentication, but it comes with its
> own complications and I don't really have any experience setting up LDAP
> for the SCM auth management.
>
> There are a couple of approaches you could take for integrating local
> authentication with the SCM. You could create a
> LocalAuthenticationProvider subclass that registered new users with the SCM
> authentication system via its API or subprocess calls. For example, if you
> are using local system account authentication (e.g., git over ssh), the
> provider would need to call useradd via subprocess.
>
> Alternatively, you could use a single system user, possibly combined with
> something like HTTP Basic Auth, to access the SCM, and then use a FUSE
> filesystem to enforce access. There is an implementation in the Allura
> project under fuse/accessfs.py and documentation for using it under
> Allura/docs/scm_host.rst. This approach is more or less what we use at
> SourceForge.
>
>
> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wa...@gmail.com> wrote:
>
>> hi:
>> Allura auth.method = ldap or Local
>>
>> if use the ldap. SCM can setting auth use ldap.
>> if use Local. SCM how to auth use Allura account?
>>
>> sourceforge how to auth? old sourceforge & allura & scm & other app.
>>
>> wangaguo
>>
>
>
Re: SCM Auth & Allura Auth
Posted by Cory Johns <cj...@slashdotmedia.com>.
I believe you are asking about how to integrate authentication in Allura
with authentication for SCM access; if I have misunderstood your question,
I apologize.
In order to create, refresh, or remove repositories, the Allura taskd
worker needs to have file system write permissions to the SCM folders, but
for most normal operation it really only needs read access. Beyond that,
it doesn't put any restrictions on authentication for SCM access itself.
LDAP would certainly work to manage authentication, but it comes with its
own complications and I don't really have any experience setting up LDAP
for the SCM auth management.
There are a couple of approaches you could take for integrating local
authentication with the SCM. You could create a
LocalAuthenticationProvider subclass that registered new users with the SCM
authentication system via its API or subprocess calls. For example, if you
are using local system account authentication (e.g., git over ssh), the
provider would need to call useradd via subprocess.
Alternatively, you could use a single system user, possibly combined with
something like HTTP Basic Auth, to access the SCM, and then use a FUSE
filesystem to enforce access. There is an implementation in the Allura
project under fuse/accessfs.py and documentation for using it under
Allura/docs/scm_host.rst. This approach is more or less what we use at
SourceForge.
On Mon, May 13, 2013 at 10:56 PM, 王再國 <wa...@gmail.com> wrote:
> hi:
> Allura auth.method = ldap or Local
>
> if use the ldap. SCM can setting auth use ldap.
> if use Local. SCM how to auth use Allura account?
>
> sourceforge how to auth? old sourceforge & allura & scm & other app.
>
> wangaguo
>