allura-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cory Johns <cjo...@slashdotmedia.com>
Subject Re: SCM Auth & Allura Auth
Date Tue, 28 May 2013 15:49:01 GMT
Sorry for the delayed response; it was a holiday weekend.

Here's a super simple (untested) LAP implementation that adds the user to
the local system with the same password as in Allura:
https://sourceforge.net/p/allura/pastebin/51a4d156d46bb46b81684997/

I'm not certain that the options given to useradd are right, but that's the
general idea of what I was thinking.


On Thu, May 23, 2013 at 4:24 AM, 王再國 <wangaguo@gmail.com> wrote:

> many thank.
> But I don't know how to write LocalAuthenticationProvider for http; svn;
> ssh protocol to use same as the Allura password.
> If possible. Can you give me some example?
>
> wangaguo
>
> 2013/5/18 Cory Johns <cjohns@slashdotmedia.com>
>
>> Each protocol uses a different authentication methods, but for the ones
>> that use local accounts (e.g., ssh, git under some configurations), you
>> could indeed have your LocalAuthenticationProvider subclass set the local
>> account password to the same as the Allura password.
>>
>>
>> On Thu, May 16, 2013 at 4:55 AM, 王再國 <wangaguo@gmail.com> wrote:
>>
>>> hi:
>>> yes, I asking about "how to integrate authentication in Allura with
>>> authentication for SCM access.".
>>> I am sorry for my english is not so good.
>>>
>>> We want use allura build a production forge site. Not a private forge.
>>> I have implemented subverion server. Include http; svn; ssh protocol.
>>> Use schroot; FUSE; LDAP.  But LDAP no sync with Allura.
>>> And I want use LocalAuthenticationProvider not LDAP.
>>>
>>> FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions
>>> API.
>>> But, ssh; https; svn; git; protocol need login authentication.
>>> If use API or subprocess calls to register a new user on SCM. How to set
>>> the password?
>>> Allura user password encode same with the linux password encode?
>>>
>>> wangaguo
>>>
>>>
>>> 2013/5/15 Cory Johns <cjohns@slashdotmedia.com>
>>>
>>>> I believe you are asking about how to integrate authentication in
>>>> Allura with authentication for SCM access; if I have misunderstood your
>>>> question, I apologize.
>>>>
>>>> In order to create, refresh, or remove repositories, the Allura taskd
>>>> worker needs to have file system write permissions to the SCM folders, but
>>>> for most normal operation it really only needs read access.  Beyond that,
>>>> it doesn't put any restrictions on authentication for SCM access itself.
>>>>
>>>> LDAP would certainly work to manage authentication, but it comes with
>>>> its own complications and I don't really have any experience setting up
>>>> LDAP for the SCM auth management.
>>>>
>>>> There are a couple of approaches you could take for integrating local
>>>> authentication with the SCM.  You could create a
>>>> LocalAuthenticationProvider subclass that registered new users with the SCM
>>>> authentication system via its API or subprocess calls.  For example, if you
>>>> are using local system account authentication (e.g., git over ssh), the
>>>> provider would need to call useradd via subprocess.
>>>>
>>>> Alternatively, you could use a single system user, possibly combined
>>>> with something like HTTP Basic Auth, to access the SCM, and then use a FUSE
>>>> filesystem to enforce access.  There is an implementation in the Allura
>>>> project under fuse/accessfs.py and documentation for using it under
>>>> Allura/docs/scm_host.rst.  This approach is more or less what we use at
>>>> SourceForge.
>>>>
>>>>
>>>> On Mon, May 13, 2013 at 10:56 PM, 王再國 <wangaguo@gmail.com> wrote:
>>>>
>>>>> hi:
>>>>> Allura auth.method = ldap or Local
>>>>>
>>>>> if use the ldap. SCM can setting auth use ldap.
>>>>> if use Local. SCM how to auth use Allura account?
>>>>>
>>>>> sourceforge how to auth? old sourceforge & allura & scm &
other app.
>>>>>
>>>>> wangaguo
>>>>>
>>>>
>>>>
>>>
>>
>

Mime
View raw message