Q: howto require per-branch authentication to commit or, push changes
martitzam at gmail.com
Sat Apr 4 20:10:52 BST 2009
On Sat, Apr 4, 2009 at 9:50 AM, Adrian Wilkins <adrian.wilkins at gmail.com>wrote:
> > A lot of Windows shops would probably like to put bzr behind IIS and
> > configure NTLM or Kerberos security to control access giving them
> > password-less authentication and centralized user management.
> I'm using an IIS smart server with Basic authentication. One caveat is
> that certain versions of IIS don't support smart and dumb access at the
> same time without additional effort.
> For per-branch authentication, you can write permissions into your WSGI
> handler (see http://bazaar-vcs.org/ServerGuide/IIS) ; this presumably
> also works on Apache using the same WSGI technique.
> You could also use Apache on Windows, which is paradoxically easier to
> get SSPI working on because the mod_sspi module offers Basic as well as
> If bzr supported it, I'd love client SSL certificate auth, something
> that both Apache and IIS support.
> I've also successfully configured SSH on windows (using a package of a
> Cygwin OpenSSH build).
Thank you. This is encouraging. I just posted that I am going to try
sshwindows (openssh with just enough cygwin to work) next week. I am
assuming once authenticated normal windows users/groups permissions will
apply and I can use groups to manage access.
I also think that adding per-branch ssl or pgp auth to bazaar would be
pretty easy. I might try myself if my company would allow me to give it
back to the project. Sadly I don;t think that will happen. Maybe at my
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bazaar