[MINC-development] MINC and Subversion
Andrew Janke
a.janke at gmail.com
Wed May 9 10:08:30 EDT 2007
> Now that I look it up, LDAP isn't necessary: apache_auth_pam would be
> happy to use the NIS accounts.
>
> SSL server I said and meant it. SSL client certs I think is way
> overkill and was just pointing out that you can do whatever you want.
> Users logging in to SVN via http using their NIS accounts will be
> sending their BIC account info in plaintext across the internet. Not
> really a great idea, IMHO - thus SSL server to encrypt the communication
> channel such that the account info is sent securely.
>
> As to how to handle internal and external users together: BIC accounts
> (NIS) for internal users and a separate htpasswd-type file for the
> external users should be fine. You can load more than one auth module
> into apache, and if you use an auth block that's something like:
>
> AuthType Basic
> AuthName "secure area"
> AuthPAM_FallThrough on
> AuthUserFile /path/to/apache/passwd/passwords
> AuthGroupFile /path/to/apache/passwd/groups
>
> require group coders
> require valid-user
>
> Then it will try PAM (in our case, NIS) and if the user doesn't appear
> in NIS then it will fall through to the specified htpasswd-managed user
> and group files.
Thanks for this, all good food for thought, however I doubt that
certain individuals (JF! you aren't on MINC dev are you? :) would
agree to mixing NIS with apache, call it paranoia, I know myself I am
not keen on this. But there is like a good compromise, do you know if
it is possible to limit module use to a subnet?

What I am thinking of is the following:

1) we use svn + webDAV
2) Access is via .htpasswd first and failing that, NIS+PAM+SSL
3) BUT! restrict NIS+PAM+SSL to the BIC subnet only as is NIS currently

I also realise that .htpasswd is not all that secure (but quite secure
enough). Is there a slightly better version of .htpasswd that works
in this instance via SSL? Or is .htpasswd + SSL enough?

ta

a
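
One way to express the subnet restriction proposed above, as an added example that is not part of the original thread or the BIC configuration: the same repository is published at two locations on one SSL virtual host, and PAM is enabled only on the location limited to the internal subnet. The hostname, paths, the /svn-bic location name and the 192.0.2.0/24 range are placeholders; Apache 2.2-style access directives and the mod_ssl, mod_dav_svn and mod_auth_pam modules are assumed. Inside the internal location the lookup order follows the quoted block (PAM first, then the password file).

```apache
# Added illustration; every hostname, path and address range is a placeholder.
<VirtualHost *:443>
    ServerName svn.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reachable from anywhere: htpasswd file only, PAM is never consulted,
    # so NIS passwords cannot be tried from outside the subnet.
    <Location /svn>
        DAV svn
        SVNPath /path/to/repository
        SSLRequireSSL
        AuthType Basic
        AuthName "secure area"
        AuthPAM_Enabled off
        AuthUserFile /path/to/apache/passwd/passwords
        Require valid-user
    </Location>

    # Same repository, internal subnet only: PAM (NIS) is tried first and
    # falls through to the htpasswd file for users not known to PAM.
    <Location /svn-bic>
        DAV svn
        SVNPath /path/to/repository
        SSLRequireSSL
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
        # Both the address check and a valid login are required.
        Satisfy All
        AuthType Basic
        AuthName "secure area"
        AuthPAM_Enabled on
        AuthPAM_FallThrough on
        AuthUserFile /path/to/apache/passwd/passwords
        Require valid-user
    </Location>
</VirtualHost>
```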