Ответ простой - использовать одну систему авторизации. Я использую системную, в тех случаях где можно перейти на pam или авторизацию по паролю я это делаю при первой возможности. Для доступа на сайт обязательно использование SSL шифрования (https) что бы системные логины не летали по http протоколу в открытую. Итак конфигруация.
Создание репозитория svn и настройка trac довольно хорошо описана в интернете потому просто приведу пути до репозиториев и конфигруацию apache + ssl (libapache2-mod-authnz-external).
# apt-get install libapache2-mod-authnz-external
# a2enmod authnz_external
# a2enmod ssl
# a2enmod dav
# a2enmod dav_fs
# a2enmod authz_unixgroup
# a2ensite default-ssl
Настройка git репозитория на стороне сервера требует нескольких шагов:
- git init --bare web_repo или git clone --bare source web_repo
- cd web_repo; mv hooks/post-update.sample hooks/post-update; ./hooks/post-update
- chmod a+rw -R .
/var/lib/svn
- README.txt
- conf
- dav
- db
- format
- hooks
- locks
- svn
- README
- VERSION
- attachments
- conf
- db
- htdocs
- log
- plugins
- templates
- axet --> /home/axet/git
/etc/apache2/conf.d/trac
ScriptAlias /trac /var/www/trac/cgi-bin/trac.fcgi/
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
<Location /trac>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonInterpreter main
PythonOption TracEnv /var/lib/trac
PythonOption TracUriRoot /trac
SetEnv PYTHON_EGG_CACHE /tmp
AuthType Basic
AuthName "Your company project name"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
Require group developers
SSLOptions +StrictRequire
SSLRequireSSL
</Location>
<Location "/trac/login">
AuthPAM_Enabled On
AuthType Basic
AuthName "Your company project name"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
Require group developers
SSLOptions +StrictRequire
SSLRequireSSL
</location>
/etc/apache2/conf.d/svn
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
<Location /svn>
DAV svn
SVNPath /var/lib/svn
AuthzSVNAccessFile /var/lib/svn/conf/authz
AuthType Basic
AuthName "Your company project name"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
Require group developers
SSLOptions +StrictRequire
SSLRequireSSL
</Location>
/etc/apache2/conf.d/hg
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
ScriptAlias /hg /var/lib/hg/hgweb.cgi
<Location /hg>
AuthType Basic
AuthName "Your company project name"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
Require group developers
SSLOptions +StrictRequire
SSLRequireSSL
</Location>
/etc/apache2/conf.d/git
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
SetEnv GIT_PROJECT_ROOT /var/lib/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
AuthType Basic
AuthName "Your company project name"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
AuthzUnixgroup on
Require group developers
SSLOptions +StrictRequire
SSLRequireSSL
</Location>
/var/lib/hg/hgweb.cgi
#!/usr/bin/env python
#
# An example hgweb CGI script, edit as necessary
# See also http://mercurial.selenic.com/wiki/PublishingRepositories
# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/var/lib/hg/repos"
# Uncomment and adjust if Mercurial is not installed system-wide:
#import sys; sys.path.insert(0, "/path/to/python/lib")
# Uncomment to send python tracebacks to the browser if an error occurs:
#import cgitb; cgitb.enable()
import os
os.environ["HGENCODING"] = "UTF-8"
from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb, wsgicgi
application = hgweb(config)
wsgicgi.launch(application)
/var/lib/hg/repos
[collections]
/var/lib/hg = /var/lib/hg
0 коммент.:
Отправить комментарий