Setting up SVN server for multiple users over http
The SVN annotate feature is quite powerful and makes quick work of who to track down for a particular feature on a particular line of code. This feature is rendered slightly more limited (but still useful) if users access SVN via http. There are no credentials exchanged this way so the annotation shows no name for a line modified by by a developer who uses http to commit a change.
The question is, is there a way for a developer to pass credentials of some sort to SVN on the server to uniquely identify their commit? It is merely the presence of an ID that is required in this environment. Alternate methods such as svn+ssh and file protocols are not available. Finally, this server is on an internal LAN, not public. Tips for https also welcome.
The SVN server is running on Linux with Apache2.
in apache config:
<Location /svn>
DAV svn
SVNPath /mnt/big/svn
AuthType Basic
AuthName "SVN Server"
AuthUserFile /etc/apache2/svn.pass
Require valid-user
AuthzSVNAccessFile /etc/apache2/svn_authz
and /etc/apache2/svn_authz can contain fine-graned management of who can access what:
[groups]
ops=user1,user2
it=user2,user3
[/]
* = rw
[/ops]
* =
@ops=rw
[/ro]
* =
@ops = r
@it = r
user4 = rw
if you have ldap / active directory server at hand you can use it instead of AuthUserFile for apache authentication.
Since you are running SVN through Apache, you can take advantage of Apache's built-in authentication methods to control access / track changes to your repository. The sample below will work with an htaccess-style setup:
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /path/to/user/list
Require valid-user
You can configure this in an htaccess file, or in the VirtualHost configuration file.
Short answer: mod_authz_svn
You can have a little about apache + svn + mod_autz_svn and something more in my slides presented to the International PHP Conference '09 available at http://superalbert.it/download/misc/PHPCon09_SVN_advanced.pdf
This answer assumes your developers use Windows and your have a Active Directory domain controller.
You can join the Linux svn server to the domain by following this article.
From there, you configure apache to authenticate to the AD using Kerberos. First install mod_auth_kerb, then connect apache2 to kerberos for authentication. See Microsoft's documenation. Make sure you implement SSL if you are at all worried about the security between the client and the server.
After you are done, user's can log in with their Windows passwords and activities will be assigned to their user.
Unfortunately, I can't get you specific configuration details right now as I am out of the office and don't have access to our svn server.