On Tue, Dec 18, 2012 at 6:52 AM, Jonathan Holloway <jonathan.hollo...@gmail.com> wrote: > Hi all, > > I was wondering what is required to implement an alternative authorization > mechanism (aside from the authz approach) possibly using MySQL or another > database?
svn+ssh works pretty well, and avoids the "storing password in plain text for Linux clients" problem. Any authentication technology for HTTPS based access which links to a more central authentication system with stored passwords is at risk of users using the same password for other applications, such as email or login, and leaving their passwords stored in clear text in $HOME/.subversion/. > I'm aware of setting up Subversion with Apache using mod authz_svn_db. > > http://web.fhnw.ch/technik/projekte/i/fruehling09/BieliHaller/downloads/downloads/Dokumente/PDF/AdminGuide.pdf > > but I'm interested in whether anybody has done this without Apache via some > Subversion code changes? Possibly, but it suffers from the issues I just mentioned. Unless you have high confidence in local filesystem security, and can assure that passwords used in the LDAP or database are not used elsewhere, you face exactly this security issue. (Note that I'm really a broken record about this. Many Subversion users and admins have confidence in their local filesystems. Due to NFS home directories and offsite backups, I have no such confidence.)
