When deploying my Subversion server, I don't like creating a system account for each user so I was thinking of another authentication method.
I would like to use only one system account with SSH and then authenticate users using svnserve.
I tried to configure SSH so that each user has a different key and a specific svnserve command with a specific --tunnel-user. I also added these users into my passwd file in my repository.
My problem is that svnserve does not use the passwd file to authenticate --tunnel-user names but allows to read and write as long as the SSH authentication has been done.
Is there a way to force svnserve to prevent a user not in passwd from reading or commiting in a repository?
Edited:
If there is no way to achieve this with my setup, is there another way to serve Subversion on SSH without creating a system account for each user?
Best Answer
Tunnel mode skips svnserve authentication in favor of SSH authentication by design.
You're trying to bend this approach into doing what it's not meant to do. How about using a WebDAV setup over SSL (with users defined in the web server's authentication) instead?