11

I've set up a Ubuntu Server for Subversion with Apache/WebDAV interface to share repositories with other developers. My question is, how can I make Subversion use the linux system accounts for authentication? This would lead to very easy Subversion account management. Subversion with Apache/WebDAV is currently working with this configuration:

Contents of /etc/apache2/mods-available/dav_svn.conf:

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  Require valid-user
</Location>

I have tried changing AuthUserFile /etc/apache2/dav_svn.passwd with AuthUserFile /etc/shadow with no success. This makes the server to respond with a error 500 internal server error. It's logical, why the Web service should have access to system authentication file?

Thanks a lot in advance!

Alejandro García Iglesias
  • 16,222
  • 11
  • 51
  • 64

3 Answers3

21

Ok! I did it! And I thought it would be very hard to find the answer!

We have to tell Apache to use an "external authentication provider", Apache won't be checking for authentication, but will delegate the task to an external authenticator, in this case, the marvellous pwauth.

So the steps I did to make it work was:

  1. Install Mod_Auth_External module for Apache2 and pwauth

    sudo apt-get install libapache2-mod-authnz-external pwauth

  2. Enabled the new module for Apache: sudo a2enmod authnz_external in terminal.

  3. Configured my apache.conf (or you may have httpd.conf) to add the external authenticator (based on this article):

    AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe

  4. Edited my /etc/apache2/mods-available/dav_svn.conf to set the new external auth provider:

    ...
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
...

  5. Tested and worked fine!

Alejandro García Iglesias
  • 16,222
  • 11
  • 51
  • 64
  • In one on my servers there was a little issue, cause 'pwauth' was installed to a different directory per default ( /usr/sbin/pwauth ). So either modify point 3 stated above with the appropriate path, or - like I did in my case - simply add a ''ln -s /usr/sbin/pwauth /usr/local/libexec/pwauth''. After that, all worked like a charm, thanks! – Megodin Feb 22 '19 at 16:10
1

Couldn't you use ssh to access subversion repositories instead of WebDAV?

svn checkout svn+ssh://user@server:/home/svn/repository/trunk
Heikki
  • 15,329
  • 2
  • 54
  • 49
  • Thanks for your answer. I have configured SVN in WebDAV flavour, mainly because it's the only method I know and can configure, but also because it's the recommended method as I have read. I like how it works over WebDAV and I really don't know how it performs on svn+ssh. I currently have found the answer and posted it. I still accept suggestions and comments. Thanks! – Alejandro García Iglesias Dec 23 '10 at 23:50
  • There isn't much to configure. Add users to svn group. If users have ssh access to the server they have access to repositories as well. This works better if public/private key authentication has been set up (no password typing on each commit). – Heikki Dec 24 '10 at 00:14
  • 2
    That works well for Linux, but svn+ssh is a pain for Windows developers. – Michael Munsey Jul 22 '11 at 15:55
0

I can't comment yet, but wanted to add that in Ubuntu 12.04 the path of pwauth has changed so now this should be

AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe

and this can be conveniently placed in a separate file inside etc/apache2/conf.d

nesuribe
  • 73
  • 1
  • 5