allura-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cory Johns <cjo...@slashdotmedia.com>
Subject Re: SCM Auth & Allura Auth
Date Fri, 17 May 2013 19:06:21 GMT
Each protocol uses a different authentication methods, but for the ones
that use local accounts (e.g., ssh, git under some configurations), you
could indeed have your LocalAuthenticationProvider subclass set the local
account password to the same as the Allura password.


On Thu, May 16, 2013 at 4:55 AM, 王再國 <wangaguo@gmail.com> wrote:

> hi:
> yes, I asking about "how to integrate authentication in Allura with
> authentication for SCM access.".
> I am sorry for my english is not so good.
>
> We want use allura build a production forge site. Not a private forge.
> I have implemented subverion server. Include http; svn; ssh protocol.
> Use schroot; FUSE; LDAP.  But LDAP no sync with Allura.
> And I want use LocalAuthenticationProvider not LDAP.
>
> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
> API.
> But, ssh; https; svn; git; protocol need login authentication.
> If use API or subprocess calls to register a new user on SCM. How to set
> the password?
> Allura user password encode same with the linux password encode?
>
> wangaguo
>
>
> 2013/5/15 Cory Johns <cjohns@slashdotmedia.com>
>
>> I believe you are asking about how to integrate authentication in Allura
>> with authentication for SCM access; if I have misunderstood your question,
>> I apologize.
>>
>> In order to create, refresh, or remove repositories, the Allura taskd
>> worker needs to have file system write permissions to the SCM folders, but
>> for most normal operation it really only needs read access.  Beyond that,
>> it doesn't put any restrictions on authentication for SCM access itself.
>>
>> LDAP would certainly work to manage authentication, but it comes with its
>> own complications and I don't really have any experience setting up LDAP
>> for the SCM auth management.
>>
>> There are a couple of approaches you could take for integrating local
>> authentication with the SCM.  You could create a
>> LocalAuthenticationProvider subclass that registered new users with the SCM
>> authentication system via its API or subprocess calls.  For example, if you
>> are using local system account authentication (e.g., git over ssh), the
>> provider would need to call useradd via subprocess.
>>
>> Alternatively, you could use a single system user, possibly combined with
>> something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>> filesystem to enforce access.  There is an implementation in the Allura
>> project under fuse/accessfs.py and documentation for using it under
>> Allura/docs/scm_host.rst.  This approach is more or less what we use at
>> SourceForge.
>>
>>
>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wangaguo@gmail.com> wrote:
>>
>>> hi:
>>> Allura auth.method = ldap or Local
>>>
>>> if use the ldap. SCM can setting auth use ldap.
>>> if use Local. SCM how to auth use Allura account?
>>>
>>> sourceforge how to auth? old sourceforge & allura & scm & other app.
>>>
>>> wangaguo
>>>
>>
>>
>

Mime
View raw message