Switching to Subversion
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Apr 7 11:04:48 EDT 2005
On Thursday, April 07, 2005 10:49:20 AM -0400 Ezra Peisach
<epeisach at mit.edu> wrote:
>
> I have no substantial objection - but just want a clarification...
> What authentication scheme do you envision?
>
> Will the repository be housed on one machine, with svnserve access,
> or will the repository be in AFS - and everyone works in that fashion?
>
> (I know you have already indicated that you are not interested in using
> the http methoidology)
>
> For svnserve access - how will users be authorized & authenticated? My
> reading of the svn docs imply for svnserve - you have two options -
> CRAM-MD5 and ssh... For ssh - wouldn't all users need accounts on
> the server in order to execute svnserve?
>
> The other option or putting the repository in AFS - would then
> decentralize the process - and would mean that the hook-scripts would
> have to be carefully crafted to work at all sites...
Actually, there is a third option:
The "real" repository lives on some specific machine, either in the local
filesystem or in AFS. Everyone with authority to make changes to the
repository has ssh access to that machine. Whenever a change is made, it
is automatically propagated to a read-only "public" repository (immediately
by a hook script, or on a periodic basis by a cron job, or simply by having
the "real" repository world-readable in AFS).
This approach limits the scalability problem to the set of people who are
authorized to make changes to the repository. The problem should be
manageable on that set, since if it is too large than you have bigger
problems than having to manage accounts on the repository machine.
-- Jeff
More information about the krbdev
mailing list