Switching to Subversion

Jeffrey Hutzelman jhutz at cmu.edu
Thu Apr 7 11:04:48 EDT 2005

On Thursday, April 07, 2005 10:49:20 AM -0400 Ezra Peisach 
<epeisach at mit.edu> wrote:

> I have no substantial objection - but just want a clarification...
> What authentication scheme do you envision?
> Will the repository be housed on one machine, with svnserve access,
> or will the repository be in AFS - and everyone works in that fashion?
> (I know you have already indicated that you are not interested in using
> the http methoidology)
> For svnserve access - how will users be authorized & authenticated? My
> reading of the svn docs imply for svnserve - you have two options -
> CRAM-MD5 and ssh... For ssh - wouldn't all users need accounts on
> the server in order to execute svnserve?
> The other option or putting the repository in AFS - would then
> decentralize the process - and would mean that the hook-scripts would
> have to be carefully crafted to work at all sites...

Actually, there is a third option:

The "real" repository lives on some specific machine, either in the local 
filesystem or in AFS.  Everyone with authority to make changes to the 
repository has ssh access to that machine.  Whenever a change is made, it 
is automatically propagated to a read-only "public" repository (immediately 
by a hook script, or on a periodic basis by a cron job, or simply by having 
the "real" repository world-readable in AFS).

This approach limits the scalability problem to the set of people who are 
authorized to make changes to the repository.  The problem should be 
manageable on that set, since if it is too large than you have bigger 
problems than having to manage accounts on the repository machine.

-- Jeff

More information about the krbdev mailing list