Q: howto require per-branch authentication to commit or, push changes

[Maritza Mendez]

On Sat, Apr 4, 2009 at 9:50 AM, Adrian Wilkins <adrian.wilkins at gmail.com>wrote:

> > A lot of Windows shops would probably like to put bzr behind IIS and
> > configure NTLM or Kerberos security to control access giving them
> > password-less authentication and centralized user management.
>
> I'm using an IIS smart server with Basic authentication. One caveat is
> that certain versions of IIS don't support smart and dumb access at the
> same time without additional effort.
>
> For per-branch authentication, you can write permissions into your WSGI
> handler (see http://bazaar-vcs.org/ServerGuide/IIS) ; this presumably
> also works on Apache using the same WSGI technique.
>
> You could also use Apache on Windows, which is paradoxically easier to
> get SSPI working on because the mod_sspi module offers Basic as well as
> NTLM.
>
> If bzr supported it, I'd love client SSL certificate auth, something
> that both Apache and IIS support.
>
> I've also successfully configured SSH on windows (using a package of a
> Cygwin OpenSSH build).
>

Thank you.  This is encouraging.  I just posted that I am going to try
sshwindows (openssh with just enough cygwin to work) next week.  I am
assuming once authenticated normal windows users/groups  permissions will
apply and I can use groups to manage access.

I also think that adding per-branch ssl or pgp auth to bazaar would be
pretty easy.  I might try myself if my company would allow me to give it
back to the project.  Sadly I don;t think that will happen.  Maybe at my
next job!

-M


-M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/bazaar/attachments/20090404/5017b5e3/attachment.htm