I wanna know, how I can set user name and password for each user in TortoiseSVN and I already did these steps to made repository:
- Created a file then created repository in this file.
- Changed " svnserve.conf " in conf file.
- Then set all user and them passwd in conf file.
- I changed authz to access my repository also including in conf file.
I try and try to Authentication many of users for each project but as file not Http.
I hope to someone help me in this issue.
I'm having trouble understanding your question, but it sounds to me like you ought to move to integrating Apache with SVN. That will give you the ability to give users different levels of access on a per-directory basis.
Refer to the sectino Per-Directory Access Control in the svn book:
It's possible to set up finer-grained
permissions using a second Apache
httpd module, mod_authz_svn. This
module grabs the various opaque URLs
passing from client to server, asks
mod_dav_svn to decode them, and then
possibly vetoes requests based on
access policies defined in a
configuration file.
Related
We are going to change cassandra setting from authenticator: AllowAllAuthentication to authenticator: PasswordAuthenticator
to enable role-based authentication. There will be two roles:
admin which is a superuser
read-only which is only allowed to read.
I would like to provide backward compatibility for users of the cassandra cluster. More specifically,
many users use
shell script that uses cqlsh
python cassandra package
php cassandra package
to only read data from cassandra. Currently they don't specify any username or password. Therefore
I would like to make read-only role some sort of a "default" role, i.e. if no username and password provided,
then the role is automatically set to read-only so the users can read data and thus clients don't need to change their code.
Is there a way to do this? I'm currently having trouble in the following two parts:
the default user is cassandra if there is no role / user specified in cqlsh. I did not find a way to set default user / role.
and for the default user cassandra, I still have to set a password for it.
Any suggestions would be appreciated! Thanks in advance.
I come from an oracle background, were I've done "sqlplus "/as sysdba"" for years. I like it because the O/S authenticates me. Now, there is something similar in Cassandra, but it isn't secure. Basically in your home directory there is a subdirectory called ".cassandra" (hidden). In that directory there is a file (if there isn't, create one) called "cqlshrc" (so ~/.cassandra/cqlshrc). That file you can add authentication information that will allow someone to log in by simply typing "cqlsh" without anything else (unless you're doing remote where you need "host" and "port"). The cqlshrc file has, among other things an authentication section that looks like this:
[authentication]
username = <your_user_name>
password = <your_password>
So you could simply put your desired username and password in that file and you're essentially able to connect without supplying your username and password (You could also run "cqlsh -u your_user_name" and it will find your password in your cqlshrc file as well).
You can see a few obvious issues here:
1) The password is in clear text
2) If you change the password you need to change the password in the cqlshrc file
I do not recommend you use the "cassandra" user for ANYTHING. In fact, I'd drop it. The reason is because the cassandra user does everything with CL=quorum. We found this out when investigating huge I/O requests coming from OpsCenter and our backup tool (as you can see, we use DSE). They were all using cassandra and pounding on the node(s) that had the cassandra authentication information. It's baked into the code apparently to have CL=quorum - kinda dumb. Anyway, the above is one way to have users log in with a specific user and not provide credentials making it pretty easy to switch.
Hope that helps
-Jim
We are running GitLab EE Version 8.17.0-ee. To manage the amount of Users, we want to add and administrate them via ldap groups. We know that there are some ldap settings in the gitlab.rb file. We can definde a user base and also a admin group at
gitlab_rails['ldap_servers'] = ...
[...]
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
But we miss the option to define user groups which we can use to automatically give permissions after those users are assignet to specific groups/projects.
Seen in this video there was a feature called Linked LDAP Groups. But in the newest version I cant find it. Is there any other way to configure GitLab to perform this?
I think I found an possible answer to my question. We forgot to set the group_base in the gitlab.yml file. link
Im trying to configure Xampp as I have done before and everything use to work.
Now, I am a bit concerned because even though I have set a password for my PhpMyadmin(exactly as I have done in the past), the system doesn't ask me to log in at anytime. What has changed?
Before I had to log in with username "root" and password and now it doesn't ask for it?
With phpMyAdmin, there are different means of authenticating ("auth_types"). These are generally set in the configuration file, config.inc.php, using a line like $cfg['Servers'][$i]['auth_type'] = 'cookie';.
Using cookie or http prompt the user for username and password when connecting; config means it's hardcoded in to the configuration file and you're automatically connected. The default in the official phpMyAdmin distribution is cookie, however it sounds like XAMPP makes it config. You should be able to change that simply by editing the config.inc.php file and changing (or adding) the line mentioned above..
I have the following setup:
A server (centOS) with git and a repository for a project on the same server.
What I need to do is to be able to pull from the repository without being asked for password (because is annoying).
Note: I am logged as root when I pull.
Can anyone help me with that?
There are a few options, depending on what your requirements are, in particular your security needs. For both HTTP and SSH, there is password-less, or password required access.
HTTP
==============
Password-Less
Useful for fetch only requirements, by default push is disabled. Perfect if anonymous cloning is the intention. You definitely shouldn't enable push for this type of configuration. The man page for git-http-backend contains good information, online copy at http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html. It provides an example of how to configure apache to provide this.
User/password in .netrc or url embedded
Where .netrc files are using in the form:
machine <hostname> login <username> password <password>
And embedded urls would be in the form:
http://user:pass#hostname/repo
Since git won't do auth for you, you will need to configure a webserver such as apache to perform the auth, before passing the request onto the git tools. Also keep in mind that using the embedded method is a security risk, even if you use https since it is part of the url being requested.
If you want to be able to pull non-interactive, but prevent anonymous users from accessing the git repo, this should be a reasonably lightweight solution using apache for basic auth and preferably the .netrc file to store credentials. As a small gotcha, git will enable write access once authentication is being used, so either use anonymous http for read-only, or you'll need to perform some additional configuration if you want to prevent the non-interactive user from having write access.
See:
httpd.apache.org/docs/2.4/mod/mod_auth_basic.html for more on configuring basic auth
www.kernel.org/pub/software/scm/git/docs/git-http-backend.html for some examples on the apache config needed.
SSH
==============
Passphrase-Less
Opens up for security issues, since anyone who can get a hold of the ssh private key can now update the remote git repo as this user. If you want to use this non-interactively, I'd recommend installing something like gitolite to make it a little easier to ensure that those with the ssh private key can only pull from the repo, and it requires a different ssh key pair to update the repo.
See github.com/sitaramc/gitolite/ for more on gitolite.
stromberg.dnsalias.org/~strombrg/ssh-keys.html - for creating password less ssh keys:
May also want to cover managing multiple ssh keys: www.kelvinwong.ca/2011/03/30/multiple-ssh-private-keys-identityfile/
Passphase protected
Can use ssh-agent to unlock on a per-session basis, only really useful for interactive fetching from git. Since you mention root and only talk about performing 'git pull', it sounds like your use case is non-interactive. This is something that might be better combined with gitolite (github.com/sitaramc/gitolite/).
Summary
==============
Using something like gitolite will abstract a lot of the configuration away for SSH type set ups, and is definitely recommended if you think you might have additional repositories or need to specify different levels of access. It's logging and auditing are also very useful.
If you just want to be able to pull via http, the git-http-backend man page should contain enough information to configure apache to do the needful.
You can always combine anonymous http(s) for clone/pull, with passphrase protected ssh access required for full access, in which case there is no need to set up gitolite, you'll just add the ssh public key to the ~/.ssh/authorized_keys file.
See the answer to this question. You should use the SSH access instead of HTTPS/GIT and authenticate via your SSH public key. This should also work locally.
If you're using ssh access, you should have ssh agent running, add your key there and register your public ssh key on the repo end. Your ssh key would then be used automatically. This is the preferred way.
If you're using https access, you one would either
use a .netrc file that contains the credentials or
provide user/pass in the target url in the form https://user:pass#domain.tld/repo
With any of these three ways, it shouldn't ask for a password.
I'm using "MyPage" plugin for Trac.
I have figured out it is useful to store SSH keys on my private page as an attachment, so I can clone my GIT repository from any computer.
Then I have our found that any user who can view a History tab, can see the content of the attachment :/
Any idea how to secure this thing?
Since in general this is meant as a feature, you'd like to just block one or several specific attachments from common view.
If this is true, TracFineGrainedPermissions is for you. Then you'll be able to have something like
[wiki:Users/KilldaclickHome#*/attachment/supersecret.file]
killdaclick = ATTACHMENT_VIEW
* = !ATTACHMENT_VIEW
to just deny access to the specific file to anyone but yourself. Have a look at the FineGrainedPageAuthzEditorPlugin for a alternative way to define these permission (from the web-UI instead of direct access to the authz file).
You'll certainly think twice about granting permission 'TRAC_ADMIN' - just a hint that these user can edit the file and possibly circumvent any restriction. But 'TRAC_ADMIN' will have 'ATTACHMENT_VIEW' anyway.