On Tue, Feb 07, 2006 at 11:05:44PM -0200, Felipe Scarel wrote:
> Since it's an open source project in which anyone can commit to the
> repository anytime, it's not possible to add each and every user as a
> system user. Instead, we're using Plone to write user information on
> the htaccess-style file that Subversion reads.
>
> However, I guess I'm going to use your strategy on another server that
> is not wide open to commits, looks more than enough.
>
> Anyway, an Apache2 port wouldn't be a bad idea... I'll study some more
> and try to work on that on the near future.
There is no need for that, really. Use public key authentication, one
key per person, and a .ssh/authorized_keys file that looks like this,
minus line breaks and empty lines and with actual public keys:
command="umask 027; svnserve -t --tunnel-user=joachim -r
/var/svn",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
ssh-rsa $pubkey_joachim [EMAIL PROTECTED]
command="umask 027; svnserve -t --tunnel-user=felipe -r
/var/svn",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
ssh-rsa $pubkey_felipe [EMAIL PROTECTED]
It's quite neat, and no neat for Apache 2. Setting up a session might be
slightly quicker in Apache, but data throughput might be equal. Or not -
I don't know if mod_dav_svn does any caching, and I've never benchmarked
it.
And if you keep an ssh session open (ControlMaster and so on, see
ssh_config(5)), I'd imagine it being quite a bit faster under a normal
usage pattern for a developer (lots of connections, exchanging litte
data each time).
Joachim
