You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Adrian Marsh <Ad...@ubiquisys.com> on 2008/03/31 16:29:33 UTC
Authentication in a domain
Hi All,
I'm going to be re-designing our current SVN setup, which currently uses
Apache for its authentication via a simple htpasswd file and
Mod_authz_svn
However I want to achieve the following:
1) Authentication against a domain controller (Windows 2003), rather
than a separate user/password
2) Per repository and also sub-folder permissions (allow some
users/groups to access some folders, deny to others).
3) Secure network transport
So - when I tried this last year, I couldn't find a combination of
Apache/SSL/SSH/Subversion that could do all three.
Does it exist now?
Has anyone got a setup like this working?
I'm running on a RHEL3 64bit machine, which I cloned into a VM and then
on the VM upgraded to RHEL5. This completely broke Apache, so I'm
starting from scratch again there.
Thanks
Adrian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Re: Authentication in a domain
Posted by Adrian Marsh <Ad...@ubiquisys.com>.
Hi Greg,
Yes, that one gives user-level permissions, do you know if its possible
to take a group approach? Eg a member of a 2003-group can access
/svn/repos/<somedir> etc
(group control rather than a flat file)
Adrian
-----Original Message-----
From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
Sent: 01 April 2008 09:06
To: users@subversion.tigris.org
Subject: Re: Authentication in a domain
On Mon, 31 Mar 2008 17:51:42 +0100, "Adrian Marsh"
<Ad...@ubiquisys.com> wrote:
>Does that then mean that you don't use internal SVN authentication at
>all? And that you organise sub-folder permissions from within the
apache
>URL??
Apache authenticates the user against AD.
Apache authorises the user using the Subversion module mod_authz_svn
(http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
)
giving access (or not) various paths within the repository.
So really it's a combination of Apache & svn.
Greg
--
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Authentication in a domain
Posted by Greg Thomas <th...@omc.bt.co.uk>.
On Mon, 31 Mar 2008 17:51:42 +0100, "Adrian Marsh"
<Ad...@ubiquisys.com> wrote:
>Does that then mean that you don't use internal SVN authentication at
>all? And that you organise sub-folder permissions from within the apache
>URL??
Apache authenticates the user against AD.
Apache authorises the user using the Subversion module mod_authz_svn
(http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html)
giving access (or not) various paths within the repository.
So really it's a combination of Apache & svn.
Greg
--
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Authentication in a domain
Posted by Adrian Marsh <Ad...@ubiquisys.com>.
Hi Greg,
Does that then mean that you don't use internal SVN authentication at
all? And that you organise sub-folder permissions from within the apache
URL??
Adrian
-----Original Message-----
From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
Sent: 31 March 2008 17:41
To: Adrian Marsh; users@subversion.tigris.org
Subject: Re: Authentication in a domain
On Mon, 31 Mar 2008 17:29:33 +0100, "Adrian Marsh"
<Ad...@ubiquisys.com> wrote:
>1) Authentication against a domain controller (Windows 2003), rather
>than a separate user/password
>2) Per repository and also sub-folder permissions (allow some
>users/groups to access some folders, deny to others).
>3) Secure network transport
Apache using https and mod_authnz_ldap
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html) will do
all of this for you, with no problems.
Greg
--
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Best svn clients
Posted by Andy Levy <an...@gmail.com>.
On Thu, Apr 3, 2008 at 11:33 AM, Sébastien Filion <sf...@finrad.com> wrote:
> Hi,
>
> I want to know what svn client offers the best performance.
Performance is largely dictated by network & client hard drive speed.
> Actually, we use Tortoise Svn, but it seems that we got some performance issues.
Can you quantify those issues? What exactly is happening? What is slow
which you think should be faster? I've never felt that TSVN itself was
"slow" - almost any perceived slowdown I can tie back to the overall
performance of my computer.
Keep in mind that many, if not most, clients are built on top of the
same core Subversion libraries.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Best svn clients
Posted by Sébastien Filion <sf...@finrad.com>.
Hi everybody,
I got an interesting result about Tortoise client performance...
I made some tests and here my results:
1- I made a checkout of X:
With svn.exe it takes: 1 m 16 s
With tortoise it takes: 3m 17 s
2- I made another checkout of X:
With svn.exe it takes: 1m 26s
With tortoise it takes: 3m 1s
3- I made another checkout of Y:
With svn.exe it takes: 3m.25s
With tortoise it takes: 6m 35s
Can anybody can reproduce this behavior...?
It seems that Tortoise is 2 to 3 times slower than subversion...
Thanks
-----Original Message-----
From: Andy Levy [mailto:andy.levy@gmail.com]
Sent: April 3, 2008 2:13 PM
To: Rishabh Manocha
Cc: Shawn Talbert; Sébastien Filion; users@subversion.tigris.org
Subject: Re: Best svn clients
On 4/3/08, Rishabh Manocha <rm...@gmail.com> wrote:
> I have seen issues with TSVN on windows too. For large projects - it
> takes forever to run updates/commits. But I guess that's due to the
> no. of binary files in the project tree itself.
Try with the standard SVN command-line client and see if it's any different.
> This maybe a question for the tsvn-users list, but I have also noticed
> that sometimes the tsvncache.exe process (which runs in the
> background) eats up a lot of cpu - for a considerable amount of time -
> even though at that time, I'm not performing any svn operations. Can
> anyone enlighten me on why this is??
It's scanning for .svn directories and any changes to working copies.
http://tortoisesvn.net/node/267 (best link I could find quick)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Best svn clients
Posted by Sébastien Filion <sf...@finrad.com>.
Great idea :)
-----Original Message-----
From: Andy Levy [mailto:andy.levy@gmail.com]
Sent: April 3, 2008 2:13 PM
To: Rishabh Manocha
Cc: Shawn Talbert; Sébastien Filion; users@subversion.tigris.org
Subject: Re: Best svn clients
On 4/3/08, Rishabh Manocha <rm...@gmail.com> wrote:
> I have seen issues with TSVN on windows too. For large projects - it
> takes forever to run updates/commits. But I guess that's due to the
> no. of binary files in the project tree itself.
Try with the standard SVN command-line client and see if it's any different.
> This maybe a question for the tsvn-users list, but I have also noticed
> that sometimes the tsvncache.exe process (which runs in the
> background) eats up a lot of cpu - for a considerable amount of time -
> even though at that time, I'm not performing any svn operations. Can
> anyone enlighten me on why this is??
It's scanning for .svn directories and any changes to working copies.
http://tortoisesvn.net/node/267 (best link I could find quick)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Best svn clients
Posted by Rishabh Manocha <rm...@gmail.com>.
On Thu, Apr 3, 2008 at 11:42 PM, Andy Levy <an...@gmail.com> wrote:
> On 4/3/08, Rishabh Manocha <rm...@gmail.com> wrote:
> > I have seen issues with TSVN on windows too. For large projects - it
> > takes forever to run updates/commits. But I guess that's due to the
> > no. of binary files in the project tree itself.
>
> Try with the standard SVN command-line client and see if it's any different.
I agree that it won't be any different with the standard svn client.
It's probably my fault to be including binary files in there
>
> > This maybe a question for the tsvn-users list, but I have also noticed
> > that sometimes the tsvncache.exe process (which runs in the
> > background) eats up a lot of cpu - for a considerable amount of time -
> > even though at that time, I'm not performing any svn operations. Can
> > anyone enlighten me on why this is??
>
> It's scanning for .svn directories and any changes to working copies.
> http://tortoisesvn.net/node/267 (best link I could find quick)
Thanks for that link. "Tell TortoiseSVN where your working copies are"
could help quiet a bit. Do I understand correctly that tsvncache.exe
searches everything under each and every mounted drive if these
properties aren't set? That could account for the long running and cpu
intensive process...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Best svn clients
Posted by Andy Levy <an...@gmail.com>.
On 4/3/08, Rishabh Manocha <rm...@gmail.com> wrote:
> I have seen issues with TSVN on windows too. For large projects - it
> takes forever to run updates/commits. But I guess that's due to the
> no. of binary files in the project tree itself.
Try with the standard SVN command-line client and see if it's any different.
> This maybe a question for the tsvn-users list, but I have also noticed
> that sometimes the tsvncache.exe process (which runs in the
> background) eats up a lot of cpu - for a considerable amount of time -
> even though at that time, I'm not performing any svn operations. Can
> anyone enlighten me on why this is??
It's scanning for .svn directories and any changes to working copies.
http://tortoisesvn.net/node/267 (best link I could find quick)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Best svn clients
Posted by Rishabh Manocha <rm...@gmail.com>.
I have seen issues with TSVN on windows too. For large projects - it
takes forever to run updates/commits. But I guess that's due to the
no. of binary files in the project tree itself.
This maybe a question for the tsvn-users list, but I have also noticed
that sometimes the tsvncache.exe process (which runs in the
background) eats up a lot of cpu - for a considerable amount of time -
even though at that time, I'm not performing any svn operations. Can
anyone enlighten me on why this is??
Best,
R
On Thu, Apr 3, 2008 at 10:35 PM, Shawn Talbert
<st...@exploreconsulting.com> wrote:
> Since you use Tortoise, you're implying you're on Windows. IMHO Tortoise is
> by far the best client I've seen for SVN on Windows.
>
> Perhaps wait until the 1.5 svn release (for which Tortoise has lots of nice
> updates as well) before giving up.
>
>
>
> -----Original Message-----
> From: Sébastien Filion [mailto:sfilion@finrad.com]
> Sent: Thursday, April 03, 2008 8:34 AM
> To: users@subversion.tigris.org
> Subject: Best svn clients
>
> Hi,
>
> I want to know what svn client offers the best performance.
>
> Actually, we use Tortoise Svn, but it seems that we got some performance
> issues.
>
> Does anybody know a better one? Or did I have to keep Tortoise and live with
> it?
>
> Thanks,
> Sebas
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Best svn clients
Posted by Shawn Talbert <st...@exploreconsulting.com>.
Since you use Tortoise, you're implying you're on Windows. IMHO Tortoise is
by far the best client I've seen for SVN on Windows.
Perhaps wait until the 1.5 svn release (for which Tortoise has lots of nice
updates as well) before giving up.
-----Original Message-----
From: Sébastien Filion [mailto:sfilion@finrad.com]
Sent: Thursday, April 03, 2008 8:34 AM
To: users@subversion.tigris.org
Subject: Best svn clients
Hi,
I want to know what svn client offers the best performance.
Actually, we use Tortoise Svn, but it seems that we got some performance
issues.
Does anybody know a better one? Or did I have to keep Tortoise and live with
it?
Thanks,
Sebas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Best svn clients
Posted by Sébastien Filion <sf...@finrad.com>.
Hi,
I want to know what svn client offers the best performance.
Actually, we use Tortoise Svn, but it seems that we got some performance issues.
Does anybody know a better one? Or did I have to keep Tortoise and live with it?
Thanks,
Sebas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Authentication in a domain
Posted by Adrian Marsh <Ad...@ubiquisys.com>.
Hi Edward,
Ok - so I know I can get LDAP lookups working, but should I use LDAP or
Kerberos? As I understand it LDAP is for directory lookups (phone #s,
contacts etc), but Kerberos is intended for account authentication?
Thanks,
Adrian
-----Original Message-----
From: Harvey, Edward [mailto:Edward.Harvey@patni.com]
Sent: 02 April 2008 05:13
To: Greg Thomas; Adrian Marsh; users@subversion.tigris.org
Subject: RE: Authentication in a domain
Yup. LDAP, or Kerberos. I believe apache & svn support both.
It might be tough to figure it out though, unless you're really good
with that sort of stuff. So if you've never done it before, I'll
suggest a good bit of research & experiment time.
> -----Original Message-----
> From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
> Sent: Monday, March 31, 2008 12:41 PM
> To: Adrian Marsh; users@subversion.tigris.org
> Subject: Re: Authentication in a domain
>
> On Mon, 31 Mar 2008 17:29:33 +0100, "Adrian Marsh"
> <Ad...@ubiquisys.com> wrote:
>
> >1) Authentication against a domain controller (Windows 2003), rather
> >than a separate user/password
> >2) Per repository and also sub-folder permissions (allow some
> >users/groups to access some folders, deny to others).
> >3) Secure network transport
>
> Apache using https and mod_authnz_ldap
> (http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html) will do
> all of this for you, with no problems.
>
> Greg
> --
> This post represents the views of the author and does
> not necessarily accurately represent the views of BT.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
This e-mail message may contain proprietary, confidential or legally
privileged information for the sole use of the person or entity to whom
this message was originally addressed. Any review, e-transmission
dissemination or other use of or taking of any action in reliance upon
this information by persons or entities other than the intended
recipient is prohibited. If you have received this e-mail in error
kindly delete this e-mail from your records. If it appears that this
mail has been forwarded to you without proper authority, please notify
us immediately at netadmin@patni.com and delete this mail.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Authentication in a domain
Posted by "Harvey, Edward" <Ed...@patni.com>.
Yup. LDAP, or Kerberos. I believe apache & svn support both.
It might be tough to figure it out though, unless you're really good with that sort of stuff. So if you've never done it before, I'll suggest a good bit of research & experiment time.
> -----Original Message-----
> From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
> Sent: Monday, March 31, 2008 12:41 PM
> To: Adrian Marsh; users@subversion.tigris.org
> Subject: Re: Authentication in a domain
>
> On Mon, 31 Mar 2008 17:29:33 +0100, "Adrian Marsh"
> <Ad...@ubiquisys.com> wrote:
>
> >1) Authentication against a domain controller (Windows 2003), rather
> >than a separate user/password
> >2) Per repository and also sub-folder permissions (allow some
> >users/groups to access some folders, deny to others).
> >3) Secure network transport
>
> Apache using https and mod_authnz_ldap
> (http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html) will do
> all of this for you, with no problems.
>
> Greg
> --
> This post represents the views of the author and does
> not necessarily accurately represent the views of BT.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at netadmin@patni.com and delete this mail.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Authentication in a domain
Posted by Greg Thomas <th...@omc.bt.co.uk>.
On Mon, 31 Mar 2008 17:29:33 +0100, "Adrian Marsh"
<Ad...@ubiquisys.com> wrote:
>1) Authentication against a domain controller (Windows 2003), rather
>than a separate user/password
>2) Per repository and also sub-folder permissions (allow some
>users/groups to access some folders, deny to others).
>3) Secure network transport
Apache using https and mod_authnz_ldap
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html) will do
all of this for you, with no problems.
Greg
--
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Authentication in a domain
Posted by Ivan Zhakov <iv...@visualsvn.com>.
On Wed, Apr 2, 2008 at 10:57 PM, Andy Levy <an...@gmail.com> wrote:
>
> On Wed, Apr 2, 2008 at 2:45 PM, Ivan Zhakov <iv...@visualsvn.com> wrote:
> > On Mon, Mar 31, 2008 at 8:29 PM, Adrian Marsh
> >
> > <Ad...@ubiquisys.com> wrote:
> >
> > > Hi All,
> > >
> > > I'm going to be re-designing our current SVN setup, which currently uses
> > > Apache for its authentication via a simple htpasswd file and
> > > Mod_authz_svn
> > >
> > > However I want to achieve the following:
> > >
> > > 1) Authentication against a domain controller (Windows 2003), rather
> > > than a separate user/password
> > > 2) Per repository and also sub-folder permissions (allow some
> > > users/groups to access some folders, deny to others).
> > > 3) Secure network transport
> > >
> > All these goals could be achieved using VisualSVN Server [1], so
> > another option just add link to VisualSVN Server.
> >
> > [1] http://www.visualsvn.com/server/
>
> Why is it that the page you linked says "And last, but not least -
> VisualSVN Server is completely free! ', yet the FAQ [1] says
> otherwise?
>
> [1] http://www.visualsvn.com/doc/faq.html#faq-licensing-pricing
>
We charge money for VisualSVN (Subversion integration for Visual
Studio), but VisualSVN Server (Subversion server install and
management tool) is free. We'll try to write it more clear on our web
site.
--
Ivan Zhakov
VisualSVN Team
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Authentication in a domain
Posted by Andy Levy <an...@gmail.com>.
On Wed, Apr 2, 2008 at 2:45 PM, Ivan Zhakov <iv...@visualsvn.com> wrote:
> On Mon, Mar 31, 2008 at 8:29 PM, Adrian Marsh
>
> <Ad...@ubiquisys.com> wrote:
>
> > Hi All,
> >
> > I'm going to be re-designing our current SVN setup, which currently uses
> > Apache for its authentication via a simple htpasswd file and
> > Mod_authz_svn
> >
> > However I want to achieve the following:
> >
> > 1) Authentication against a domain controller (Windows 2003), rather
> > than a separate user/password
> > 2) Per repository and also sub-folder permissions (allow some
> > users/groups to access some folders, deny to others).
> > 3) Secure network transport
> >
> All these goals could be achieved using VisualSVN Server [1], so
> another option just add link to VisualSVN Server.
>
> [1] http://www.visualsvn.com/server/
Why is it that the page you linked says "And last, but not least -
VisualSVN Server is completely free! ', yet the FAQ [1] says
otherwise?
[1] http://www.visualsvn.com/doc/faq.html#faq-licensing-pricing
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Authentication in a domain
Posted by Ivan Zhakov <iv...@visualsvn.com>.
On Mon, Mar 31, 2008 at 8:29 PM, Adrian Marsh
<Ad...@ubiquisys.com> wrote:
> Hi All,
>
> I'm going to be re-designing our current SVN setup, which currently uses
> Apache for its authentication via a simple htpasswd file and
> Mod_authz_svn
>
> However I want to achieve the following:
>
> 1) Authentication against a domain controller (Windows 2003), rather
> than a separate user/password
> 2) Per repository and also sub-folder permissions (allow some
> users/groups to access some folders, deny to others).
> 3) Secure network transport
>
All these goals could be achieved using VisualSVN Server [1], so
another option just add link to VisualSVN Server.
[1] http://www.visualsvn.com/server/
--
Ivan Zhakov
VisualSVN Team
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org