Access control

[Vincent Ladeuil]

>>>>> "Jeff" == Jeffrey Cunningham <jeffrey.k.cunningham at boeing.com> writes:

    Jeff> John Arbash Meinel wrote:
    >> At this point, we have shelved Access Control off to the side as being
    >> handled at a higher level.
    >> 
    >> You could configure apache to have a different password for everyone. I
    >> think you can even hook it into PAM, so that they can use the same
    >> passwords everywhere. I do remember that it can use a plain .htpassword
    >> file, or you can get trickier and authenticate against a full database.
    >> 

    Jeff> I have apache now set up to require user authentication via
    Jeff> encrypted authentication (digest). 
    Jeff> It works for browsing webpages inside the repository.

    Jeff> But when I try to create a branch now it fails with this message:

    Jeff> jcunningham at medea ~/junk $ bzr branch
    Jeff> http://medea.sea.boeing.com/~jcunningham/docs
    Jeff> bzr: ERROR: Invalid http response for
    Jeff> http://medea.sea.boeing.com/~jcunningham/docs/.bzr/branch-format:
    Jeff> Unable to handle http code 401: Authorization Required

You have to specify both user and password in the url:

bzr branch http://jeff:password@medea.sea.boeing.com/~jcunningham/docs

But digest authentication is not supported by the urllib
implementation so far, so you have to either use basic auth or
use the pycurl implementation which require the pycurl package to
be installed.

Explicitly selecting an implementation for http is done like this:

bzr branch http+urllib://xxx
bzr branch http+pycurl://xxx

Or you can use htpps.

Being able to specify the user only and be prompted for the
password is planned.

   Vincent