You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" <gu...@monsanto.com> on 2013/03/06 21:03:56 UTC
How to change password when is about to expire
Hi There;
I'm newbie on Subversion and I have a few questions about some particular configurations on SVN.
Let me gives you the scenario.
We have a subversion installed on a Linux box and its working fine! We have some repos there that developers across the company use to store code and some other things.
We also have SVN configured to use LDAP authentication to allow users to use the right repo.
But we are facing a problem that when users account expire they don't get any message saying that is about to expire and then, of course, they can't login because of that.
So my question is if there is a way to configure apache to allow users to change their password when is about to expire.
I really appreciate if you can help me with that. Thanks in advance!
Guido Larrain
This e-mail message may contain privileged and/or confidential information, and is intended to be received only by persons entitled
to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and
all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited.
All e-mails and attachments sent and received are subject to monitoring, reading and archival by Monsanto, including its
subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence of "Viruses" or other "Malware".
Monsanto, along with its subsidiaries, accepts no liability for any damage caused by any such code transmitted by or accompanying
this e-mail or any attachment.
The information contained in this email may be subject to the export control laws and regulations of the United States, potentially
including but not limited to the Export Administration Regulations (EAR) and sanctions regulations issued by the U.S. Department of
Treasury, Office of Foreign Asset Controls (OFAC). As a recipient of this information you are obligated to comply with all
applicable U.S. export laws and regulations.
RE: How to change password when is about to expire
Posted by "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" <gu...@monsanto.com>.
Alright Ryan, thx for your help!! Will try that.
Guido Larrain
-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2012c@ryandesign.com]
Sent: Wednesday, March 06, 2013 5:30 PM
To: LARRAIN, GUIDO MARTIN [AG-Contractor/5000]
Cc: users@subversion.apache.org
Subject: Re: How to change password when is about to expire
On Mar 6, 2013, at 14:27, "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" wrote:
> Ok, great! Thx for the info. One more thing, is there any module (or something) to install on subversion to allow users to change their password? I mean, now I know there svn doesn't know when is about to expire but they can change it before the account is expired. Thanks again!
The Subversion project itself doesn't provide a user-accessible way to change passwords, because there are so many different ways that an administrator might have set up authentication. In your case, with LDAP authentication, if you don't already have something like this, you could look for a web-based LDAP password change system. I found a couple such projects searching Google for "ldap web password change".
This e-mail message may contain privileged and/or confidential information, and is intended to be received only by persons entitled
to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and
all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited.
All e-mails and attachments sent and received are subject to monitoring, reading and archival by Monsanto, including its
subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence of "Viruses" or other "Malware".
Monsanto, along with its subsidiaries, accepts no liability for any damage caused by any such code transmitted by or accompanying
this e-mail or any attachment.
The information contained in this email may be subject to the export control laws and regulations of the United States, potentially
including but not limited to the Export Administration Regulations (EAR) and sanctions regulations issued by the U.S. Department of
Treasury, Office of Foreign Asset Controls (OFAC). As a recipient of this information you are obligated to comply with all
applicable U.S. export laws and regulations.
Re: How to change password when is about to expire
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Mar 6, 2013, at 14:27, "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" wrote:
> Ok, great! Thx for the info. One more thing, is there any module (or something) to install on subversion to allow users to change their password? I mean, now I know there svn doesn't know when is about to expire but they can change it before the account is expired. Thanks again!
The Subversion project itself doesn't provide a user-accessible way to change passwords, because there are so many different ways that an administrator might have set up authentication. In your case, with LDAP authentication, if you don't already have something like this, you could look for a web-based LDAP password change system. I found a couple such projects searching Google for "ldap web password change".
RE: How to change password when is about to expire
Posted by "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" <gu...@monsanto.com>.
Ok, great! Thx for the info. One more thing, is there any module (or something) to install on subversion to allow users to change their password? I mean, now I know there svn doesn't know when is about to expire but they can change it before the account is expired. Thanks again!
Guido Larrain
-----Original Message-----
From: Ryan Schmidt [mailto:subversion-2012c@ryandesign.com]
Sent: Wednesday, March 06, 2013 5:10 PM
To: LARRAIN, GUIDO MARTIN [AG-Contractor/5000]
Cc: users@subversion.apache.org
Subject: Re: How to change password when is about to expire
On Mar 6, 2013, at 14:03, "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" wrote:
> We have a subversion installed on a Linux box and its working fine! We have some repos there that developers across the company use to store code and some other things.
>
> We also have SVN configured to use LDAP authentication to allow users to use the right repo.
>
> But we are facing a problem that when users account expire they don't get any message saying that is about to expire and then, of course, they can't login because of that.
>
> So my question is if there is a way to configure apache to allow users to change their password when is about to expire.
Subversion doesn't know when a password is about to expire. Subversion has no notion of password expiration; that's a concept only your LDAP server knows about. If your users want to change their password, they should use whatever mechanism you already have set up with your LDAP server to allow that.
This e-mail message may contain privileged and/or confidential information, and is intended to be received only by persons entitled
to receive such information. If you have received this e-mail in error, please notify the sender immediately. Please delete it and
all attachments from any servers, hard drives or any other media. Other use of this e-mail by you is strictly prohibited.
All e-mails and attachments sent and received are subject to monitoring, reading and archival by Monsanto, including its
subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence of "Viruses" or other "Malware".
Monsanto, along with its subsidiaries, accepts no liability for any damage caused by any such code transmitted by or accompanying
this e-mail or any attachment.
The information contained in this email may be subject to the export control laws and regulations of the United States, potentially
including but not limited to the Export Administration Regulations (EAR) and sanctions regulations issued by the U.S. Department of
Treasury, Office of Foreign Asset Controls (OFAC). As a recipient of this information you are obligated to comply with all
applicable U.S. export laws and regulations.
Re: How to change password when is about to expire
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Mar 6, 2013, at 14:03, "LARRAIN, GUIDO MARTIN (AG-Contractor/5000)" wrote:
> We have a subversion installed on a Linux box and its working fine! We have some repos there that developers across the company use to store code and some other things.
>
> We also have SVN configured to use LDAP authentication to allow users to use the right repo.
>
> But we are facing a problem that when users account expire they don’t get any message saying that is about to expire and then, of course, they can’t login because of that.
>
> So my question is if there is a way to configure apache to allow users to change their password when is about to expire.
Subversion doesn't know when a password is about to expire. Subversion has no notion of password expiration; that's a concept only your LDAP server knows about. If your users want to change their password, they should use whatever mechanism you already have set up with your LDAP server to allow that.
RE: How to change password when is about to expire
Posted by Bert Huijben <be...@qqmail.nl>.
> -----Original Message-----
> From: Pavel Lyalyakin [mailto:pavel.lyalyakin@visualsvn.com]
> Sent: donderdag 7 maart 2013 13:15
> To: LARRAIN, GUIDO MARTIN (AG-Contractor/5000)
> Cc: users@subversion.apache.org
> Subject: Re: How to change password when is about to expire
>
> Hello Guido,
>
> > I'm newbie on Subversion and I have a few questions about some
> particular
> > configurations on SVN.
> >
> > Let me gives you the scenario.
> >
> > We have a subversion installed on a Linux box and its working fine! We
> have
> > some repos there that developers across the company use to store code
> and
> > some other things.
> >
> > We also have SVN configured to use LDAP authentication to allow users to
> use
> > the right repo.
> >
> > But we are facing a problem that when users account expire they don't
get
> > any message saying that is about to expire and then, of course, they
can't
> > login because of that.
> >
> > So my question is if there is a way to configure apache to allow users
to
> > change their password when is about to expire.
>
> VisualSVN Server can help you here. However it's Windows-only
> Subversion server package: http://www.visualsvn.com/server/. Do you
> have some special technical requirement to install Apache Subversion
> server on a Linux box?
>
> * If you are in Active Directory environment you can benefit from
> Windows authentication which allows users to access VisualSVN Server
> with their Windows credentials.
>
> Windows authentication relies on Active Directory users and groups so
> you can manage authorization settings based on existing AD accounts.
> In other words you don't need to manage separate user list. So when
> user's Windows password expires he will be prompted to change on
> Windows logon (as usual, in fact).
>
> Integrated Windows Authentication, which is available in Enterprise
> edition, enables AD Single Sign-On and improves password security. I
> advise you to check the feature description at
> http://www.visualsvn.com/server/features/windows-auth/.
While (as far as I know) VisualSVN is the only tool that makes it this easy
to setup, you can also use Active Directory as LDAP server with almost every
Subversion server package. (Wandisco, CollabNet, etc.)
And if you setup Apache httpd yourself you can avoid typing passwords by
setting up mod_authz_sspi.
(I think VisualSVN uses a combination of these systems)
Bert
Re: How to change password when is about to expire
Posted by Pavel Lyalyakin <pa...@visualsvn.com>.
Hello Guido,
> I’m newbie on Subversion and I have a few questions about some particular
> configurations on SVN.
>
> Let me gives you the scenario.
>
> We have a subversion installed on a Linux box and its working fine! We have
> some repos there that developers across the company use to store code and
> some other things.
>
> We also have SVN configured to use LDAP authentication to allow users to use
> the right repo.
>
> But we are facing a problem that when users account expire they don’t get
> any message saying that is about to expire and then, of course, they can’t
> login because of that.
>
> So my question is if there is a way to configure apache to allow users to
> change their password when is about to expire.
VisualSVN Server can help you here. However it's Windows-only
Subversion server package: http://www.visualsvn.com/server/. Do you
have some special technical requirement to install Apache Subversion
server on a Linux box?
* If you are in Active Directory environment you can benefit from
Windows authentication which allows users to access VisualSVN Server
with their Windows credentials.
Windows authentication relies on Active Directory users and groups so
you can manage authorization settings based on existing AD accounts.
In other words you don't need to manage separate user list. So when
user's Windows password expires he will be prompted to change on
Windows logon (as usual, in fact).
Integrated Windows Authentication, which is available in Enterprise
edition, enables AD Single Sign-On and improves password security. I
advise you to check the feature description at
http://www.visualsvn.com/server/features/windows-auth/.
* If you want to use Subversion authentication and maintain separate
users list VisualSVN Server can also help you.
You can change user's password using WMI because VisualSVN Server can
be managed via WMI (Windows Management Instrumentation) interface:
http://msdn.microsoft.com/library/aa394582.
This PowerShell script sample will set 'qwerty123' password for
Subversion user 'user' on a VisualSVN Server instance located on
'computer.contoso.com' on your network.
[[
$svnuser = Get-WmiObject -Namespace Root\VisualSVN -ComputerName
computer.contoso.com -query "select * from VisualSVN_User where name =
'user'"
$svnuser.SetPassword('qwerty123')
]]
MOF file which describes the VisualSVN Server interface resides in the
%VISUALSVN_SERVER%\WMI on the computer where VisualSVN Server is
installed. Using this file as a reference you can write a script to
locally and/or remotely manage VisualSVN Server on a various
programming languages.
Thank you.
--
With best regards,
Pavel Lyalyakin
VisualSVN Team