[Python-Dev] PEP: Migrating the Python CVS to Subversion

[Phillip J. Eby]

At 05:54 PM 7/29/2005 -0400, Barry Warsaw wrote:
>Public/private keys would be better, and if anybody knows how to set up
>a Subversion server to use these without having to create accounts for
>everyone, I think we (the pythong.org admins) would love your help.

 From the svnserve man page:

  -t, --tunnel
     Causes  svnserve  to  run  in tunnel mode, which is just like the
     inetd mode of operation (serve one connection over  stdin/stdout)
     except  that the connection is considered to be pre-authenticated
     with the username of the current uid.  This flag is  selected  by
     the client when running over a tunnel agent.

  --tunnel-user=username
     When  combined  with  --tunnel,  overrides  the pre-authenticated
     username with the supplied username.  This is useful in  combina-
     tion  with  the  ssh authorized_key file's "command" directive to
     allow a single system account to be used by multiple  committers,
     each having a distinct ssh identity.

So, it looks like you'd just need to set up public keys for each user, and 
list them in authorized_keys.  Presumably doing something like this:

command="/usr/bin/svnserve --root=/svnroot -t 
--tunnel-user=username",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding 
ssh-rsa [key info here]

would therefore do the trick.  I've used a similar arrangement for my own 
CVS repository, but haven't tried it for SVN yet.