Hello, I have set up something quite similar for my former company, although the physical security requirements were less stringent: we had off-shore developers, customer-side developers and our own developers located both at our main office and at the customer's office. We needed to isolate each project.
We use an Apache frontend with SSL key authentication for everything: Subversion, web site and repository access. Access to svn and the project's site is controlled by simple CN lists; a CRL can be used to invalidate keys when someone leaves. Deployment is handled by Continuum, which is run internally (so no uploading rights problem). It works on both Windows and Linux clients and only requires that the client install the private key in the browser and svn client, a trivial task.

Benefits:
- transparent strong authentication (no passwords to type, users are identified as precisely as possible)
- management is relatively easy, even in "manual" mode (i.e. without a real PKI infrastructure). We don't use LDAP-based key authentication, but that's just because I never took the time to read the Apache doc :-)
- fine-grained access control to projects (and even project parts if needed)

HTH,
--
OQube < software engineering \ génie logiciel >
Arnaud Bailly, Dr.
\web> http://www.oqube.com
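
The setup described in this message, sketched as an Apache virtual host with per-project CN lists and a CRL (an added example, not the author's configuration). It assumes Apache 2.4 with mod_ssl and mod_dav_svn; the host name, file paths, project names and CN values are constructed.

```apache
# Added example: host name, paths, project names and CNs are constructed.
<VirtualHost *:443>
    ServerName dev.example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/dev.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/dev.example.com.key

    # Trust only the internal CA that issues developer certificates.
    # A CN list is only meaningful if no other CA can assert those names.
    SSLCACertificateFile  /etc/apache2/ssl/dev-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    # CRL issued by the same CA. In Apache 2.4 the file is not consulted
    # unless SSLCARevocationCheck is set ("leaf" checks only the client
    # certificate, "chain" checks every certificate in the chain).
    SSLCARevocationFile   /etc/apache2/ssl/dev-ca.crl
    SSLCARevocationCheck  chain

    # Project A repository: own developers and off-shore developers.
    <Location /svn/project-a>
        DAV svn
        SVNPath /srv/svn/project-a
        # Use the certificate CN as the user name, so commits carry it.
        SSLUserName SSL_CLIENT_S_DN_CN
        Require expr "%{SSL_CLIENT_S_DN_CN} in {'Alice Example', 'Bob Offshore'}"
    </Location>

    # Project A generated site: same CN list as the repository.
    <Location /sites/project-a>
        SSLUserName SSL_CLIENT_S_DN_CN
        Require expr "%{SSL_CLIENT_S_DN_CN} in {'Alice Example', 'Bob Offshore'}"
    </Location>

    # Project B repository: customer-side developers only; nobody from the
    # project A list can reach it, even with a valid certificate.
    <Location /svn/project-b>
        DAV svn
        SVNPath /srv/svn/project-b
        SSLUserName SSL_CLIENT_S_DN_CN
        Require expr "%{SSL_CLIENT_S_DN_CN} in {'Carol Customer'}"
    </Location>
</VirtualHost>
```

Apache reads the CRL file when it starts, so after revoking a departing developer's certificate the regenerated CRL has to be put in place and the server reloaded before the revocation takes effect.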