Re: Few Questions

["Shawn O. Pearce" <spearce@spearce.org>]

Jakub Narebski <jnareb@gmail.com> wrote:
> "Arya, Manish Kumar" <m.arya@yahoo.com> writes:
> > 
> > I want to have following with Git
> > 
> > - LDAP and ssh authentication.
> > 
> 
> Instead of inventing (and failing) its own protocol and its own
> authentication git uses established solutions for authentication: SSH
> for "smart" server, and WebDAV for push via (currently only "dumb")
> HTTPS protocol.
> 
> There exist solutions that help with setting up SSH for git:
> git-shell, ssh_acl, and I think most commonly used Gitosis (see
> seminal reference about Gitosis on http://git.or.cz/gitwiki/BlogPosts).
 
Yup.  Gitosis is very popular for this.

At my last job I rolled my own Gitosis-lite, but in Perl, because
they are a Perl based shop.  It also uses the update-paranoid hook
for access controls, as its more flexible (and easier to confuse
the heck out of yourself) than Gitosis.  But if you can get along
with Gitosis, its a good choice.  Unfortunately its authentication
is limited to public keys registered in the authorized keys file
of the "git" user.

<plug type="not-quite-ready-but-will-be-soon">

Gerrit2 is also likely to enter this "market" soon.  I'm trying to
get it production ready and live for one major project before the
end of this month.  It embeds its own SSH daemon on a non-standard
port, completely disconnected from the OS authentication.  This may
make it slightly more palatable in some enviroments then Gitosis,
as you don't need a huge authorized_keys file, and you don't have
to worry quite so much about attack vectors.

Unlike with Gitosis, public key management is placed on end-users
by using web authentication to identify the user, and letting the
user manage their own "authorized key list".  It also has a full
blown web based code review system built in.  Which right now a
project must use if it is hosted by Gerrit2.  :-)

</plug>

-- 
Shawn.