allura-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 王再國 <wanga...@gmail.com>
Subject Re: SCM Auth & Allura Auth
Date Thu, 23 May 2013 08:24:23 GMT
many thank.
But I don't know how to write LocalAuthenticationProvider for http; svn;
ssh protocol to use same as the Allura password.
If possible. Can you give me some example?

wangaguo

2013/5/18 Cory Johns <cjohns@slashdotmedia.com>

> Each protocol uses a different authentication methods, but for the ones
> that use local accounts (e.g., ssh, git under some configurations), you
> could indeed have your LocalAuthenticationProvider subclass set the local
> account password to the same as the Allura password.
>
>
> On Thu, May 16, 2013 at 4:55 AM, 王再國 <wangaguo@gmail.com> wrote:
>
>> hi:
>> yes, I asking about "how to integrate authentication in Allura with
>> authentication for SCM access.".
>> I am sorry for my english is not so good.
>>
>> We want use allura build a production forge site. Not a private forge.
>> I have implemented subverion server. Include http; svn; ssh protocol.
>> Use schroot; FUSE; LDAP.  But LDAP no sync with Allura.
>> And I want use LocalAuthenticationProvider not LDAP.
>>
>> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
>> API.
>> But, ssh; https; svn; git; protocol need login authentication.
>> If use API or subprocess calls to register a new user on SCM. How to set
>> the password?
>> Allura user password encode same with the linux password encode?
>>
>> wangaguo
>>
>>
>> 2013/5/15 Cory Johns <cjohns@slashdotmedia.com>
>>
>>> I believe you are asking about how to integrate authentication in Allura
>>> with authentication for SCM access; if I have misunderstood your question,
>>> I apologize.
>>>
>>> In order to create, refresh, or remove repositories, the Allura taskd
>>> worker needs to have file system write permissions to the SCM folders, but
>>> for most normal operation it really only needs read access.  Beyond that,
>>> it doesn't put any restrictions on authentication for SCM access itself.
>>>
>>> LDAP would certainly work to manage authentication, but it comes with
>>> its own complications and I don't really have any experience setting up
>>> LDAP for the SCM auth management.
>>>
>>> There are a couple of approaches you could take for integrating local
>>> authentication with the SCM.  You could create a
>>> LocalAuthenticationProvider subclass that registered new users with the SCM
>>> authentication system via its API or subprocess calls.  For example, if you
>>> are using local system account authentication (e.g., git over ssh), the
>>> provider would need to call useradd via subprocess.
>>>
>>> Alternatively, you could use a single system user, possibly combined
>>> with something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>>> filesystem to enforce access.  There is an implementation in the Allura
>>> project under fuse/accessfs.py and documentation for using it under
>>> Allura/docs/scm_host.rst.  This approach is more or less what we use at
>>> SourceForge.
>>>
>>>
>>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wangaguo@gmail.com> wrote:
>>>
>>>> hi:
>>>> Allura auth.method = ldap or Local
>>>>
>>>> if use the ldap. SCM can setting auth use ldap.
>>>> if use Local. SCM how to auth use Allura account?
>>>>
>>>> sourceforge how to auth? old sourceforge & allura & scm & other
app.
>>>>
>>>> wangaguo
>>>>
>>>
>>>
>>
>

Mime
View raw message