From users-return-20232-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org  Mon Nov 25 10:43:59 2013
Return-Path: <users-return-20232-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-users-archive@minotaur.apache.org
Delivered-To: apmail-subversion-users-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B649A10C33
	for <apmail-subversion-users-archive@minotaur.apache.org>; Mon, 25 Nov 2013 10:43:59 +0000 (UTC)
Received: (qmail 61939 invoked by uid 500); 25 Nov 2013 10:43:58 -0000
Delivered-To: apmail-subversion-users-archive@subversion.apache.org
Received: (qmail 61694 invoked by uid 500); 25 Nov 2013 10:43:58 -0000
Mailing-List: contact users-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@subversion.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@subversion.apache.org>
List-Post: <mailto:users@subversion.apache.org>
List-Id: <users.subversion.apache.org>
Delivered-To: mailing list users@subversion.apache.org
Received: (qmail 61687 invoked by uid 99); 25 Nov 2013 10:43:57 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Nov 2013 10:43:57 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [66.111.4.25] (HELO out1-smtp.messagingengine.com) (66.111.4.25)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Nov 2013 10:43:51 +0000
Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43])
	by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 748C1208EE;
	Mon, 25 Nov 2013 05:43:30 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
  by compute3.internal (MEProxy); Mon, 25 Nov 2013 05:43:30 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	daniel.shahaf.name; h=date:from:to:cc:subject:message-id
	:references:mime-version:content-type:in-reply-to; s=mesmtp; bh=
	GPS/y1gWHUAdSnuAtwy1n/40ygo=; b=V6iunqw/8bJoeRCtfe9Yq5kiKmrFufzG
	sNPKakQHGs19bk4kpucXOPoiFP7Gb2Dkj1YvaVv636LkZoZCVvVTJfs716turxOV
	5NVvsCVydqnwldkQ//BxqoZ06X0KstGWNLEYwTD7QbXQQBdW2oNc1Kxj0YN8yr1R
	t7ytGbDTlEw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=date:from:to:cc:subject:message-id
	:references:mime-version:content-type:in-reply-to; s=smtpout;
	 bh=GPS/y1gWHUAdSnuAtwy1n/40ygo=; b=NCxo4W69uumOiESHO1cTcsfhRW4F
	FzNm9kWpMgNEzQPWWQOwnUYPaXGBy+PhfJKRRafdvrgOdt7iN96niUf+yMSgO4Fh
	KHSLmJKRjKyod9MHZR8k9Mgy6QCGwrdtduXEPS4w1Qw7W9+JpzDkutSHaNXAkvR9
	tCcdStAK54ug8Oo=
X-Sasl-enc: hhrXk5FE5qDrwrREynXf6W29JRUEjavkpO4H25egguNi 1385376209
Received: from lp-shahaf.local (unknown [79.183.3.182])
	by mail.messagingengine.com (Postfix) with ESMTPA id A6986C00E8A;
	Mon, 25 Nov 2013 05:43:29 -0500 (EST)
Date: Mon, 25 Nov 2013 12:43:15 +0200
From: Daniel Shahaf <d.s@daniel.shahaf.name>
To: sbremal@hotmail.com
Cc: users@subversion.apache.org
Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
Message-ID: <20131125104315.GA4251@lp-shahaf.local>
References: <20131122230716.GE3991@lp-shahaf.local> <DUB126-W834CDF666D7574806515EA9ED0@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <DUB126-W834CDF666D7574806515EA9ED0@phx.gbl>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Checked: Checked by ClamAV on apache.org

sbremal@hotmail.com wrote on Mon, Nov 25, 2013 at 10:24:16 +0000:
> Correct, default SSH port is not open on the corporate firewall. I am
> sure there are workarounds, however having contractual obligations not
> sure I should try hard to be unorthodox.

I still suggest that you try to run sshd.  If you can't convince them to
open port 22, try to convince them to run sshd on port 1022.  That's not
unorthodox, it's common practice for evading vulnerability scanners and
root-login-attemptors.

Daniel

> SSH + SVN is my favourite and will stay with it as the primary access method. If I could top it with HTTP access using the existing Unix authentication and authorization framework, I would be more than happy. After all Unix works for tens of years, why to change it???
> 
> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as the authenticated user, wonder if it is possible, or has any inadvertent complications.
> 
> 
> B.
> 
> ----------------------------------------
> > Date: Sat, 23 Nov 2013 01:07:16 +0200
> > From: d.s@daniel.shahaf.name
> > To: sbremal@hotmail.com
> > CC: users@subversion.apache.org
> > Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
> >
> > sbremal@hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
> >> I am very happy with the SSH + 'svnserve' access to my repositories,
> >> however due to firewall issues I need access through HTTP as well.
> >> What I do not want is to set up a 2nd authentication / authorization
> >> database.
> >
> > What are the "firewall issues", exactly? Why can't you use svn+ssh?
> > Can you run sshd on port 80 (which would allow you to use svn+ssh
> > without httpd at all)?
> >
> > Daniel