subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <>
Subject Re: path-based authorization, users an groups synchronisation between master and slave
Date Tue, 02 Oct 2012 12:01:30 GMT
On Tue, Oct 2, 2012 at 7:48 AM, Stefan Sperling <> wrote:
> On Tue, Oct 02, 2012 at 10:57:30AM +0200, david fasani wrote:
>> Hi All,
>> I have a active write-through proxying between a master SVN and 2
>> slaves. I'm looking is there a way to synchronise the path-based
>> authorization, users and groups configuration.
>> I searched a lot on web and found no links telling about how to set it up.
>> I wonder if anyone would have suggestions.
>> Any pointers on how I could achieve that?
> You'll somehow have to keep the corresponding configuration files in
> sync between servers. Subversion has no built-in support for this,
> unfortunately. Maybe it will at some point in the future.
> Until then, tools such as rsync can help, see

There are also some approaches that can help rigorously manage such
configurations. I long for some Subversion developer to write
something like the "gitosis" tool, which manages SSH keys for git's
SSH based access, and which could use a Subversion repository to
manage SSH keys for other Subversion repositories. It would make my
preferred use of svn+ssh much easier.

I'd definitely review how you do authentication. Common authentication
technologies such as LDAP and Kerberos based authentication is very
handy to have HTTPS access with a shared account management and is
fairly easily tied to Active Directory account management. So it could
reduce the overhead of managing identical accounts across multiple
Subversion servers. But it leaves you at risk of storing people's
login passwords in $HOME/.subversoin/ with Linux and UNIX clients,
especially those before Subversion 1.6, and should be approached......

I'll bet WanDisco's multiple master technology for Subversion also has
some good hooks for account management. You might ask them.

View raw message