Q: howto require per-branch authentication to commit or, push changes
Adrian Wilkins
adrian.wilkins at gmail.com
Sat Apr 4 17:50:30 BST 2009
> A lot of Windows shops would probably like to put bzr behind IIS and
> configure NTLM or Kerberos security to control access giving them
> password-less authentication and centralized user management.
I'm using an IIS smart server with Basic authentication. One caveat is
that certain versions of IIS don't support smart and dumb access at the
same time without additional effort.
For per-branch authentication, you can write permissions into your WSGI
handler (see http://bazaar-vcs.org/ServerGuide/IIS) ; this presumably
also works on Apache using the same WSGI technique.
You could also use Apache on Windows, which is paradoxically easier to
get SSPI working on because the mod_sspi module offers Basic as well as
NTLM.
If bzr supported it, I'd love client SSL certificate auth, something
that both Apache and IIS support.
I've also successfully configured SSH on windows (using a package of a
Cygwin OpenSSH build).
More information about the bazaar
mailing list