简体繁体 English

Git Smart HTTP-某些存储库的用户身份验证

[英]Git Smart HTTP - User Authentication for certain repositories

原文 2011-01-16 17:02:10 6 2 git/ authentication/ version-control/ smart-http

I was wondering how you authenticate between git repos for smart http. 我想知道您如何在智能http的git repos之间进行身份验证。

For example, I have all my repositories in /repos/ , however, I would like to assign "John Doe" to only two of them. 例如，我所有的存储库都在/repos/ ，但是，我只想给其中的两个分配“ John Doe”。 The other I want "Jane Doe" to access; 我要“ Jane Doe”访问另一个； however, I don't want either one of them to be able to access each other's repositories. 但是，我不希望它们中的任何一个都能访问彼此的存储库。

By the way: I do have user authentication working in genernal with http auth, it's the separating priv. 顺便说一句：我确实使用http auth进行用户身份验证，这是单独的priv。 for certain users is what I'm really after. 对于某些用户，我真正想要的是。

2 个解决方案

Using http as a transport, you can use WebDAV . 使用http作为传输方式，可以使用WebDAV 。 The official howto is here , but tutorials abound on the web. 官方的howto在这里，但是教程在网络上比比皆是。

I spoke to the developer of https://github.com/sitaramc/gitolite and he pointed me in the direction: 我与https://github.com/sitaramc/gitolite的开发人员交谈，他指出了我的方向：

in short, you need a "mini gitolite"?

(1) set it up the way my man page says but instead of using
gl-auth-command use your script

(2) your script should do/deal with the following:

 - it should take the authenticated username from $REMOTE_USER
 - it should look at the PATH_INFO, REQUEST_URI, etc., to find out
what repo he wants to access and whether he wants to read or write
(you can see the code in simulate_ssh_connection() in my code for
that)
 - then use whatever logic you want to decide if you should allow or
reject the request

If you allow it you must "exec" the original git-http-backend.