Keys for Users
Added by James Rosen over 14 years ago
I would like to install Redmine locally mostly just to manage repositories. One thing we will need is keypairs instead of password access for Subversion access (not for Redmine access). Is there already a plugin project for this? If not, is there general interest in such a thing either as a plugin or as a core module?
I would imagine the following three pieces would be needed:
1. upload public key
2. generate public/private key pair
3. write Subversion authentication configuration
Number one is dead simple. Number two is only slightly harder as it involves a little OpenSSL work. It's number three that I can't figure out.
Replies (4)
RE: Keys for Users - Added by James Rosen over 14 years ago
I just realized I wasn't specific enough in that first post. As far as I can tell, there are two different kinds of key-based access for Subversion. The first is RSA/DSA key-pairs for svn+ssh access. The second is p12 files for SSL (HTTPS) access. I'm specifically interested in the second, though I could see the value of the first as well.
RE: Keys for Users - Added by Felix Schäfer over 14 years ago
No plugin that I'd know of, and the generally accepted way of serving svn repos is over http/webdav; Redmine has a facility to enable integration of Subversion over http with Apache with passwords. The only thing remotely close to this would be the gitosis plugin, but you would still need to adapt the whole thing to svn, which I wouldn't qualify as easy.
As for interest for this: you're the first I hear of. As already said, the most-used authentication and transport scheme for svn is http basic auth and http/https/webdav.
RE: Keys for Users - Added by James Rosen over 14 years ago
Alas. You're certainly right that HTTP basic is the most common authentication method for Subversion. Unfortunately, we have policy requiring two-factor authentication for these repositories. Ah well.
RE: Keys for Users - Added by Felix Schäfer over 14 years ago
Not sure how this works for certificate signon over http, but in the end the perl auth module provided for http basic auth has everything needed for fetching whatever you like from the redmine db for auth, the authorization can stay the same. You'd "just" have to write a plugin so that your users can upload their key (or even easier: store it in a custom field, the query work for that is the littlest bit more complicated), and adapt the perl auth provider to understand certificate signon. I suppose there are some examples on how to do this with mod_perl out there, but you'll have to do the getting all the pieces together work yourself.
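The custom-field lookup suggested in the last reply, sketched as an added example that is not part of the thread or of Redmine's own code, and written in Python rather than as a change to the Perl auth module so that it runs stand-alone. It assumes the web server has already completed TLS client authentication and hands over the client certificate in PEM form; the table layout is a simplified assumption about the Redmine schema, and the field name, function names and sample certificates are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3
import ssl

# Simplified stand-in for the Redmine tables involved (assumption: a real
# install has more columns, and customized_type can differ between versions).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, status INTEGER);
CREATE TABLE custom_fields (id INTEGER PRIMARY KEY, type TEXT, name TEXT);
CREATE TABLE custom_values (customized_type TEXT, customized_id INTEGER, custom_field_id INTEGER, value TEXT);
"""
FIELD_NAME = "Client certificate SHA-256"  # hypothetical custom field name

def fingerprint(pem):
    """SHA-256 of the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def normalise(stored):  # accept 'AB:CD:..' or spaced input; keep lowercase hex only
    return "".join(c for c in (stored or "").lower() if c in "0123456789abcdef")

def login_for_cert(db, pem):
    """Return the single active login whose stored fingerprint matches, else None."""
    rows = db.execute(
        """SELECT u.login, cv.value FROM users u
           JOIN custom_values cv ON cv.customized_id = u.id
                                AND cv.customized_type = 'Principal'
           JOIN custom_fields cf ON cf.id = cv.custom_field_id
           WHERE cf.type = 'UserCustomField' AND cf.name = ?
             AND u.status = 1  -- active accounts only""",
        (FIELD_NAME,)).fetchall()
    presented = fingerprint(pem)
    matches = [login for login, stored in rows
               if hmac.compare_digest(normalise(stored), presented)]
    return matches[0] if len(matches) == 1 else None  # duplicates are refused

def demo_db(users):
    db = sqlite3.connect(":memory:")  # constructed (login, status, pem) rows
    db.executescript(SCHEMA)
    db.execute("INSERT INTO custom_fields VALUES (1, 'UserCustomField', ?)", (FIELD_NAME,))
    for uid, (login, status, pem) in enumerate(users, start=1):
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (uid, login, status))
        db.execute("INSERT INTO custom_values VALUES ('Principal', ?, 1, ?)",
                   (uid, fingerprint(pem).upper()))
    return db

# Constructed stand-ins: arbitrary bytes in PEM armour, not parseable X.509.
ALICE, BOB, EVE = (ssl.DER_cert_to_PEM_cert(b"constructed-" + n)
                   for n in (b"alice", b"bob", b"eve"))
```

The function returns a login only for an active account with exactly one matching fingerprint, so a locked user or a certificate registered to two accounts is rejected, and authorization can then proceed as for a password login.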