recommendations for non-ssh setups with many users?
Lasse Kliemann
lasse at lassekliemann.de
Sat May 30 08:23:26 UTC 2015
Thomas Klausner <tk at giga.or.at> writes:
> What is the recommended setup to allow hundreds of users to push to a
> repository, but not allow everyone? I want to avoid setting up Unix
> user accounts for all of them.
I am using both, for around 50 users:
* SSH-based with a single account, users are recognized by their
SSH keys. The 'command=' directive in '~/.ssh/authorized_keys' makes
this possible.
* HTTPS-based with Apache, users are in a password file maintained using
'htpasswd'. Using 'allow_push', it can be controlled who is allowed to
push. There is also an 'allow_read' option.
I would recommend the second method since:
- it works with passwords (which it seems is easier for many users than
SSH keys, unfortunately);
- managing the password file with 'htpasswd' and/or a text editor seems
a bit easier at times than editing the 'authorized_keys', especially
with many users;
- it gives users also the web interface (browse history, view files).
I can provide details on any of the two solutions if requested.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20150530/bfe52218/attachment.asc>
More information about the Mercurial
mailing list