Paul Osman » SCM http://blog.eval.ca Thoughts on Software and Other Things Wed, 07 Jul 2010 18:56:48 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Perforce Knowledge Base Launched http://blog.eval.ca/2007/11/04/perforce-knowledge-base-launched/ http://blog.eval.ca/2007/11/04/perforce-knowledge-base-launched/#comments Sun, 04 Nov 2007 10:21:59 +0000 paul http://blog.paulosman.com/?p=23 In case you missed the announcement, the Perforce Knowledge Base is now available. Click here for more information about the technology driving the site.

]]> http://blog.eval.ca/2007/11/04/perforce-knowledge-base-launched/feed/ 0 Perspectives on SCM http://blog.eval.ca/2007/06/20/perspectives-on-scm/ http://blog.eval.ca/2007/06/20/perspectives-on-scm/#comments Wed, 20 Jun 2007 20:33:40 +0000 paul http://blog.paulosman.com/?p=21 So I know this is old news by now, but Linus Torvalds gave a talk last month on git, the version management system he wrote. He spends quite a lot of time bashing other SCM systems, particularly Perforce and Subversion. He writes off CVS entirely, which is perhaps warranted, but I thought his views on the other two products were way off. He doesn’t really explain why he thinks that Perforce “should just go away”, so I can’t really comment on that, but curiously he does go on to complain about things that Perforce actually does rather well (like branching and merging). He also says clearly that he “is not an SCM person”, so I guess that explains it.

For a much more informative and useful presentation on SCM, check out Laura Wingerd’s (someone who is an SCM person) presentation at Google Talks:

]]> http://blog.eval.ca/2007/06/20/perspectives-on-scm/feed/ 0 PAM Authentication for Apache, Trac and SVN http://blog.eval.ca/2007/01/04/pam-authentication-for-apache-trac-and-svn/ http://blog.eval.ca/2007/01/04/pam-authentication-for-apache-trac-and-svn/#comments Thu, 04 Jan 2007 20:45:38 +0000 paul http://blog.paulosman.com/?p=11 I’m going to describe how to get two of my favourite development tools, Trac and Subversion, to authenticate against PAM (Pluggable Authentication Module). For those who might not be familiar, Trac is a wiki that has integrated SCM and issue tracking. It’s written in Python and it’s incredibly useful. I’ve been using Subversion for version control for a long time and Trac is perfect for documenting a project as you go, and for keeping track of tasks and bugs. It’s access control settings allow you to specify levels of access for different users, so I often create one group for me and any other developers, and another group for my clients. The clients group can update the wiki, create tickets and get reports or look at milestones, etc. The developers group can administer all aspects of the site. Anyway, as useful as Trac and SVN are, I started to get really sick of handling authentication for them. I used to set up htpasswd files for each repository and wiki and it got to be a real pain, especially when I wanted my clients or developers to also have email, shell access, etc. So I decided to try and get mod_pam_auth working so I could use existing system accounts for Trac and Subversion access (over SSL of course).

mod_auth_pam is an Apache module that implements Basic authentication on top of the Pluggable Authentication Module. Unfortunately, as the project page says, the module is no longer being maintained which is unfortunate, but it works well enough with Apache 2.0.

Installing the module is pretty straightforward if you’re familiar installing Apache modules. I won’t go into too much detail, but as usual you’ll need to load the module in your Apache configuration: 

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

Once that’s done you can easily set up basic authentication with PAM. Because Basic authentication involves sending a username + password combination in plain text, this setup should not be used without SSL. Within my VirtualHost configuration, I define separate location configs for each trac site and svn repository. It all looks something like this: 

<VirtualHost 123.321.123.321:443>
    ServerName host.domain.tld
    SSLEngine On
    ...
    # Trac config
    <Location /trac>
       SetHandler mod_python
       PythonHandler trac.web.modpython_frontend 
       PythonOption TracEnvParentDir /var/lib/trac
       PythonOption TracUriRoot /trac
    </Location>
 
    <Location "/trac/tracsiteone/login">
       AuthPAM_Enabled On
       AuthType Basic
       AuthName "trac site # 1"
       Require user paul
    </Location>
 
    <Location "/trac/tracsitetwo/login">
       AuthPAM_Enabled On
       AuthType Basic
       AuthName "trac site # 2"
       Require group developers
    </Location>
 
    # Subversion config
    <Location /svn>
       DAV svn
       SVNParentPath /var/svn
       SVNListParentPath On
       SVNAutoVersioning On
    </Location>
 
    <Location "/svn/repositoryone">
       AuthPAM_Enabled On
       AuthType Basic
       AuthName "Repo # 1"
       Require user paul
    </Location>
 
    <Location "/svn/repositorytwo">
       AuthPAM_Enabled On
       AuthType Basic
       AuthName "Repo # 2"
       Require group developers
    </Location>
</VirtualHost>

So what we have now is two SVN repositories and two Trac wikis. For the first trac wiki and the first subversion repository, only the user ‘paul’ is given access. For the second, any valid user in the ‘developers’ group has access. Unfortunately there’s an issue with shadow passwords and this module and I’m not entirely happy with the work-around so I may have to edit this setup to use mod_authnz_external or maybe I’ll eventually move to LDAP. Regardless, I find this works well enough for now and saves a lot of hassle maintaining separate authentication files.

]]> http://blog.eval.ca/2007/01/04/pam-authentication-for-apache-trac-and-svn/feed/ 6