AuthenticatingHg » History » Version 13
Chris Cannam, 2010-08-04 04:19 PM
| 1 | 2 | Chris Cannam | h2. Authentication for Mercurial activity |
|---|---|---|---|
| 2 | 2 | Chris Cannam | |
| 3 | 2 | Chris Cannam | h3. Requirements |
| 4 | 2 | Chris Cannam | |
| 5 | 2 | Chris Cannam | # *Clone/pull from repo for public project*: Any user, no authentication required |
| 6 | 4 | Chris Cannam | # *Clone/pull from repo for private project*: Permitted users only |
| 7 | 4 | Chris Cannam | # *Push to repo for public project*: Permitted users only |
| 8 | 4 | Chris Cannam | # *Push to repo for private project*: Permitted users only |
| 9 | 11 | Chris Cannam | # *Create repo for public project*: User with manager role on project |
| 10 | 12 | Chris Cannam | # *Delete repo or carry out command-line admin tasks*: System admin only |
| 11 | 1 | Chris Cannam | |
| 12 | 10 | Chris Cannam | What constitutes a permitted user for limited push or pull activity? |
| 13 | 4 | Chris Cannam | |
| 14 | 4 | Chris Cannam | * A user who is a member of the project? |
| 15 | 4 | Chris Cannam | * A user who is identified in the [web] section of the repository? |
| 16 | 4 | Chris Cannam | * A user who is both a member and identified in the [web] section? |
| 17 | 4 | Chris Cannam | * A user who is either a member or identified in the [web] section? |
| 18 | 4 | Chris Cannam | * A user who is identified in the [web] section, if any, or is a member if there is no such section? |
| 19 | 5 | Chris Cannam | |
| 20 | 5 | Chris Cannam | h3. Techniques |
| 21 | 1 | Chris Cannam | |
| 22 | 10 | Chris Cannam | * Hg repository creation using "reposman.rb":http://temporary.lividcity.com/projects/soundsoftware-site/repository/entry/extra/svn/reposman.rb |
| 23 | 5 | Chris Cannam | * Apache authentication against Redmine user database using mod_auth_mysql (no support for LDAP-authenticated users?) |
| 24 | 13 | Chris Cannam | * Apache authentication against Redmine users using "the mod_perl module Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm ("local copy":http://temporary.lividcity.com/projects/soundsoftware-site/repository/entry/extra/svn/Redmine.pm) or a variant thereof. Redmine.pm was designed for SVN access via WebDAV, but the code itself handles access and authentication only? |
| 25 | 8 | Chris Cannam | * Hg repository [web]-section authorisation using "hgwebdir.cgi":http://mercurial.selenic.com/wiki/PublishingRepositories#Setting_up_the_hgweb.cgi_script |
| 26 | 7 | Chris Cannam | |
| 27 | 7 | Chris Cannam | Other links on this subject: |
| 28 | 7 | Chris Cannam | |
| 29 | 8 | Chris Cannam | * "Separation between authentication and authorisation activities":http://markmail.org/message/xmav6qg3is3xptve#query:+page:1+mid:xmav6qg3is3xptve+state:results |
| 30 | 8 | Chris Cannam | * "hgrc [web] section":http://www.selenic.com/mercurial/hgrc.5.html#web |
| 31 | 8 | Chris Cannam | * "Using mod_auth_mysql to authenticate against the Redmine database directly":http://maff.ailoo.net/2009/03/authenticate-apache-against-redmine-with-authmysql/ |