On Fri, Jul 30, 2010 at 07:56, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> On Thu, Jul 29, 2010 at 8:51 AM, Nils Wilhelm <mur...@planet-of-art.de> wrote:
>> Hi there,
>>
>> I need your help getting an overview and configuring a subversion server.
>> What I have to do is setting up a subversion server using ldap and ssh.
>> After reading some theory about it I'm totally confused :-) So I hope you
>> can help me with that.
>>
>> What I have: A suse server with a working ssh connection, nothing else, i.e.
>> all other ports are closed.
>>
>> What my boss wants: The server should be accessed using ssh because of
>> security issues and the authentication (for subversion) should be managed by
>> ldap (other apps will use ldap either). Svnserv should be used instead of an
>> apache webserver extension. Round about 20 persons should have access to
>> subversion but should not be able to open a ssh shell connection to the
>> server. Is that possible? I hope anybody can give me an overview.
>>
>> Best regards
>>
>> Nils
>
> Don't use LDAP. One problem is that it will allow multiple users
> filesystem access to the Subversion repository, and *SOMEONE* is
> likely to screw it up for everyone else by trying to manually edit
> something in the repository in a large environment with multiple
> developers. Also, remember that the UNIX and Linux clients will save
> passwords in clear text by default in the user's home directory. That
> makes your LDAP passwords vulnerable to anyone who can access home
> directories or backup tapes. This is a longstanding vulnerability, and
> there is no fix. (Subversion 1.6 does warn you before saving them,
> which is polite, but will still save them, which is bad.)

This is not entirely accurate. As of Subversion 1.6, *NIX clients can use GNOME Keyring or KDE Wallet to safely store passwords.

http://blogs.open.collab.net/svn/2009/07/subversion-16-security-improvements.html