many thank.
But I don't know how to write LocalAuthenticationProvider for http; svn; ssh protocol to use same as the Allura password.
If possible. Can you give me some example?

wangaguo

2013/5/18 Cory Johns <cjohns@slashdotmedia.com>
Each protocol uses a different authentication methods, but for the ones that use local accounts (e.g., ssh, git under some configurations), you could indeed have your LocalAuthenticationProvider subclass set the local account password to the same as the Allura password.


On Thu, May 16, 2013 at 4:55 AM, 王再國 <wangaguo@gmail.com> wrote:
hi:
yes, I asking about "how to integrate authentication in Allura with authentication for SCM access.".
I am sorry for my english is not so good.

We want use allura build a production forge site. Not a private forge.
I have implemented subverion server. Include http; svn; ssh protocol.
Use schroot; FUSE; LDAP.  But LDAP no sync with Allura. 
And I want use LocalAuthenticationProvider not LDAP.

FUSE fuse/accessfs.py, only check permission from /auth/repo_permissions API.
But, ssh; https; svn; git; protocol need login authentication.
If use API or subprocess calls to register a new user on SCM. How to set the password?
Allura user password encode same with the linux password encode?

wangaguo


2013/5/15 Cory Johns <cjohns@slashdotmedia.com>
I believe you are asking about how to integrate authentication in Allura with authentication for SCM access; if I have misunderstood your question, I apologize.

In order to create, refresh, or remove repositories, the Allura taskd worker needs to have file system write permissions to the SCM folders, but for most normal operation it really only needs read access.  Beyond that, it doesn't put any restrictions on authentication for SCM access itself.

LDAP would certainly work to manage authentication, but it comes with its own complications and I don't really have any experience setting up LDAP for the SCM auth management.

There are a couple of approaches you could take for integrating local authentication with the SCM.  You could create a LocalAuthenticationProvider subclass that registered new users with the SCM authentication system via its API or subprocess calls.  For example, if you are using local system account authentication (e.g., git over ssh), the provider would need to call useradd via subprocess.

Alternatively, you could use a single system user, possibly combined with something like HTTP Basic Auth, to access the SCM, and then use a FUSE filesystem to enforce access.  There is an implementation in the Allura project under fuse/accessfs.py and documentation for using it under Allura/docs/scm_host.rst.  This approach is more or less what we use at SourceForge.


On Mon, May 13, 2013 at 10:56 PM, 王再國 <wangaguo@gmail.com> wrote:
hi:
Allura auth.method = ldap or Local

if use the ldap. SCM can setting auth use ldap.
if use Local. SCM how to auth use Allura account?

sourceforge how to auth? old sourceforge & allura & scm & other app.

wangaguo