[Python-Dev] PEP: Migrating the Python CVS to Subversion
Phillip J. Eby
pje at telecommunity.com
Sat Jul 30 00:29:10 CEST 2005
At 05:54 PM 7/29/2005 -0400, Barry Warsaw wrote:
>Public/private keys would be better, and if anybody knows how to set up
>a Subversion server to use these without having to create accounts for
>everyone, I think we (the pythong.org admins) would love your help.
From the svnserve man page:
-t, --tunnel
Causes svnserve to run in tunnel mode, which is just like the
inetd mode of operation (serve one connection over stdin/stdout)
except that the connection is considered to be pre-authenticated
with the username of the current uid. This flag is selected by
the client when running over a tunnel agent.
--tunnel-user=username
When combined with --tunnel, overrides the pre-authenticated
username with the supplied username. This is useful in combina-
tion with the ssh authorized_key file's "command" directive to
allow a single system account to be used by multiple committers,
each having a distinct ssh identity.
So, it looks like you'd just need to set up public keys for each user, and
list them in authorized_keys. Presumably doing something like this:
command="/usr/bin/svnserve --root=/svnroot -t
--tunnel-user=username",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-rsa [key info here]
would therefore do the trick. I've used a similar arrangement for my own
CVS repository, but haven't tried it for SVN yet.
More information about the Python-Dev
mailing list