SSH, Subversion, and possibly Kerberos

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Subversion has a serious problem with all of its command line clients: all of
them store your passwords in local clear-text. The usual way around this is to
use SSH keys, have people log in as the 'svn' user, and use a 'command=' line
in each SSH key to start up an svnserve connection, and use that.

This gets nutty, and makes key management awkawrd.

I'd like to have one of two things:

* A graceful tool for managing a common pool of public keys, one that allows a
user or manager to delete and add keys. A good GUI, such as a webmin module,
would be ideal, but I haven't seen one.

* Kerberize things: Set up Kerberized access, on the base RHEL 5 operating
systems and Windows clients that I'm using, to manage the account based access
without using Subversion stored clear-text local passwords. RHEL 5 has OpenSSH

Has anyone pursued either of these to completion, or pursued it even on a more
modern operating system, such as Fedora or Ubuntu?

Re: SSH, Subversion, and possibly Kerberos

Quoted text here. Click to load it

You said you have RHEL 5.  Do you also have CentOS systems?  If so,
you should ask this question of the CentOS discussion and information
mailing list ( -> Mailing Lists).  A lot of sysadmins
post there.  In fact, you might try just reading the archives.


Re: SSH, Subversion, and possibly Kerberos

Dale Dellutri wrote:
Quoted text here. Click to load it

I've got both, and for this kind of work, they're nearly identical. I've
deployed Beowulf clusters with CentOS effectively, so know it quite well. The
Subversion on RHEL is out of date, and I use the more recent, well-maintained
  subversion-1.5.2 from RPMforge, anyway.

Site Timeline