Version Control with Subversion - svnserve, a custom server - Built-in authentication and authorization
Built-in authentication and authorization
When a client connects to an svnserve process, the following things happen:
- The client selects a specific repository.
- The server processes the repository's conf/svnserve.conf file, and begins to enforce any authentication and authorization policies defined therein.
- Depending on the situation and authorization policies,
  - the client may be allowed to make requests anonymously, without ever receiving an authentication challenge, OR
  - the client may be challenged for authentication at any time, OR
  - if operating in “tunnel mode”, the client will declare itself to be already externally authenticated.
At the time of writing, the server only knows how to send a CRAM-MD5 [24] authentication challenge. In essence, the server sends a bit of data to the client. The client uses the MD5 hash algorithm to create a fingerprint of the data and password combined, then sends the fingerprint as a response. The server performs the same computation with the stored password to verify that the result is identical. At no point does the actual password travel over the network.
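The challenge-response exchange described above, as an added example that is not from the book or from svnserve's source: CRAM-MD5 (RFC 2195) computes the fingerprint as HMAC-MD5 keyed with the password over the server's challenge. The user name, password, host name and in-memory password table are constructed for illustration, and svnserve's actual wire encoding is not reproduced.

```python
import hashlib
import hmac
import os
import time

# Constructed sample credential store; the page only says the server holds
# "the stored password", so this dict and its contents are assumptions.
PASSWORD_DB = {"harry": "harryssecret"}


def make_challenge(hostname="svn.example.com"):
    """Server side: a fresh, unpredictable challenge for each attempt."""
    return "<%s.%d@%s>" % (os.urandom(8).hex(), int(time.time()), hostname)


def client_response(username, password, challenge):
    """Client side: HMAC-MD5 keyed with the password over the challenge."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return "%s %s" % (username, digest.hexdigest())


def server_verify(challenge, response):
    """Server side: repeat the computation with the stored password."""
    username, _, sent_digest = response.rpartition(" ")
    stored = PASSWORD_DB.get(username)
    if stored is None:
        return None
    expected = hmac.new(stored.encode(), challenge.encode(), hashlib.md5)
    # Constant-time comparison avoids leaking how many hex digits matched.
    if hmac.compare_digest(expected.hexdigest().encode(), sent_digest.encode()):
        return username
    return None


if __name__ == "__main__":
    c1 = make_challenge()
    r1 = client_response("harry", "harryssecret", c1)
    print("challenge:", c1)
    print("response: ", r1)  # only the user name and digest cross the wire
    print("verified: ", server_verify(c1, r1))
    # A captured response does not verify against the next challenge.
    print("replayed: ", server_verify(make_challenge(), r1))
```

Because the server repeats the computation itself, it has to keep the password in a form it can use as the HMAC key, so the file holding it needs tight filesystem permissions.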
It's also possible, of course, for the client to be externally authenticated via a tunnel agent, such as SSH. In that case, the server simply examines the user it's running as, and uses it as the authenticated username. For more on this, see the section called “SSH authentication and authorization”.
As you've already guessed, a repository's svnserve.conf file is the central mechanism for controlling authentication and authorization policies. The file has the same format as other configuration files (see the section called “Runtime Configuration Area”): section names are marked by square brackets ([ and ]), comments begin with hashes (#), and each section contains specific variables that can be set (variable = value). Let's walk through this file and learn how to use them.