AuthenticatingHg » History » Version 13

« Previous - Version 13/25 (diff) - Next » - Current version
Chris Cannam, 2010-08-04 04:19 PM


Authentication for Mercurial activity

Requirements

  1. Clone/pull from repo for public project: Any user, no authentication required
  2. Clone/pull from repo for private project: Permitted users only
  3. Push to repo for public project: Permitted users only
  4. Push to repo for private project: Permitted users only
  5. Create repo for public project: User with manager role on project
  6. Delete repo or carry out command-line admin tasks: System admin only

What constitutes a permitted user for limited push or pull activity?

  • A user who is a member of the project?
  • A user who is identified in the [web] section of the repository?
  • A user who is both a member and identified in the [web] section?
  • A user who is either a member or identified in the [web] section?
  • A user who is identified in the [web] section, if any, or is a member if there is no such section?

Techniques

  • Hg repository creation using reposman.rb
  • Apache authentication against Redmine user database using mod_auth_mysql (no support for LDAP-authenticated users?)
  • Apache authentication against Redmine users using the mod_perl module Redmine.pm (local copy) or a variant thereof. Redmine.pm was designed for SVN access via WebDAV, but the code itself handles access and authentication only?
  • Hg repository [web]-section authorisation using hgwebdir.cgi

Other links on this subject: