FFR, here's what I came up with for the best practices simple solution: Store the htpasswd file as /etc/apache2/dav_svn.passwd and use it for both Trac and SVN authentication using Apache.
Ideally, use DIGEST (although BASIC is fine for normal situations) If security is an issue, push all Trac (or at least $TRAC/login) and SVN traffic to SSL. On Jul 17, 4:41 pm, "Noah Kantrowitz" <[EMAIL PROTECTED]> wrote: > > -----Original Message----- > > From: [email protected] [mailto:[EMAIL PROTECTED] > > On Behalf Of Dimitri Maziuk > > Sent: Thursday, July 17, 2008 12:38 PM > > To: [email protected] > > Subject: [Trac] Re: Best Authentication solution for typical > > installations > > > On Thursday 17 July 2008 14:16:00 adamiis111 wrote: > > > I'm more concerned with the general solution since I'd like to get it > > > into the Trac installation documents which give different directions > > > for Mac, Ubuntu, and generic. > > > Well the general solution depends on what the problem is. I'm sure all > > that "layered security" etc. crap is much too complicated, but you have > > to > > have a basic idea of how the various parts of your setup fit together. > > > > Anyway, not all of my users would have write access to Subversion nor > > > shell access. > > > If you give them accounts so they can do svn+ssh:// commits, the proper > > way > > would be to put them in ldap and use that everywhere. If you don't give > > them > > accounts, access is via the web, but they still have to sign in -- > > share > > the .htpasswd file between trac and svn. Do it over https so passwords > > get > > encrypted. > > Svn+ssh is far outside of what a "normal" Trac site deals with. It is > actually very annoying to setup Trac with svn+ssh sometimes due to umask > issues. The simple solution is mod_dav_svn+SSL+htpasswd. > > --Noah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
