unified password control, svn and redmine users

Added by Sean Jensen-Grey almost 9 years ago

I just installed Redmine/Nginx/WebDav/Apache/SVN this weekend. I really like the whole setup. Redmine itself was super easy to install and get running under MySQL.

What I would like is when I create/update a user in Redmine that the BasicAuth password file controlling SVN is updated at the same time.

I thought I had this figured out when I saw that the Redmine passwords were hashed with SHA1, cool I will just write a quick script to extract them from the DB and populate the htpasswd file.

http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

BUT! Nginx which I use to wrap a WebDav Share + SVN + Redmine + a paste bin app into a single entry point cannot use SHA1 passwords, it can only use crypt.

I have never programmed in Ruby, I can hardly understand the syntax. So I am completely lost for now when it comes to working with Redmine's code.

I found the users.rb file in models, I patched in a call to system() to exec a python script to set the passwords. But it only works for update, not create so now I have to

1. create user
2. reset password

Then I have unified password control from redmine and don't need to enter the password in two places.

What do people think about adding the path to the .htpasswd file that controls access for svn and letting redmine manage those passwords as well? Full authz, user, groups stuff could come later.

Would the patch be against, /app/models/user.rb or would it go somewhere else?

Thoughts? How do you handle user/password management?

Replies (4)

RE: unified password control, svn and redmine users - Added by Sean Jensen-Grey almost 9 years ago

I found some other posts in the forums that might be of instance

Hacking alternative authentication sources

http://www.redmine.org/boards/1/topics/show/495

Mac OS X Identity Services Authentication Hack

http://www.redmine.org/boards/1/topics/show/2468

Sean

RE: unified password control, svn and redmine users - Added by Nicolas Chuche almost 9 years ago

What I would like is when I create/update a user in Redmine that the BasicAuth password file controlling SVN is updated at the same time.

In the howtos, there's one to single sign on between redmine and SVN : http://www.redmine.org/wiki/redmine/HowTos

Perhaps it's enough for you ?

RE: unified password control, svn and redmine users - Added by Sean Jensen-Grey almost 9 years ago

Thanks for the pointers, I overlooked the HowTos.

This link, http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl shows how to hook up an external authentication handler to Apache. So that the BasicAuth system can use the MySQL database to authenticate incoming SVN users.

This works wonderfully if Apache is in charge, I have a mixture of Nginx and Apache and Nginx's auth schemes are a little behind the curve.

Options:

  1. switch to all apache, this would be hard as Nginx really shines with its reverse proxy support, each to tie many different apps together.
  2. create/find Nginx module to support pluggable BasicAuth
  3. patch code a little more cleanly to update passwords in N locations on create/update

I think for now I am fine having code update the password in N places, just not me.

RE: unified password control, svn and redmine users - Added by Nicolas Chuche almost 9 years ago

You can use apache in front of svn/git just for authentication and, if you need it, nginx as reverse proxy in front of the apache.

(1-4/4)