On Tue, May 28, 2013 at 7:19 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote: > Philippe Andersson wrote on Tue, May 28, 2013 at 09:52:10 +0200: >> Hello list, >> >> We're starting to create slave Subversion repos for installation on >> remote sites. All of them will svnsync against a single central master >> at headquarters. >> >> Now the question: we would like all users on the remote sites to >> authenticate against the master (to avoid having replicating that info >> as well to the slave servers). The authentication on the master is >> handled through Apache. >> >> Is it possible to configure the slave servers to proxy the >> authentication requests against the master ? > > It's certainly possible (e.g., if you use LDAP authentication you could > configure an LDAPAuthURL that points to HQ), but whoever has access to > the slave's httpd.conf will be able to disable/change those settings.
If I may suggest? You're re-inventing yet another in a whole set of wheels for high availability support. Why not just buy the whole Land Rover to start with, talk to our friends and colleagues over at www.wandisco.com, and check out their commercial support for multi-master setups for Subversion? With all the work they've done to provide genuine multi-master support, I'm sure they've devoted good support to shared authentication. In fact, I'm sure the shared authentication is built into numerous Apache modules such as mirrored flat text file account management distrikbuted through cfengine or chef, LDAP with Kerberos, NIS, or a dozen other services.
