Authenticating Gitweb with Gitosis without LDAP Au

Published 2019-06-22 00:28

Question:

I found your article using Apache Auth with gitweb, gitosis.

I was wondering if there was a way to do this if I wasn't using LDAP for authentication. We currently have a very large NIS domain which we use for authentication on all unix servers. We use this for SVN repositories through a UI, but for this case I am trying to meet a requirement of:

  • Git Repositories
  • Access Controlled - using Gitolite
  • Online UI - using Gitweb
  • UI must also have Access Control - not yet implemented

I was thinking first I need to get Gitweb and Gitolite to play together and each one works at the moment individually.

If gitolite provides access using SSH-keys, then it can provide the access this way by having a key for each machine a user/developer will be accessing Gitweb/gitolite from.

Or, if I can get gitweb to simply authenticate users from the NIS domain, since every user has an account that our IT department sets up, this would be better.

Any ideas or howtos I can use to get further on this requirement?

Answer 1:

The way you link gitweb and gitosis together is by:

  • having gitweb configuration files with names identical to NIS logins
  • having gitweb.conf (from gitolite) included in gitweb_config.perl from this blog post (add at the end of gitweb_config.perl):
    use lib (".");
    require "gitweb.conf";
  • using a NIS authentication for your Apache2 httpd.conf (or extra/httpd-ssl.conf if you are using https)

Once a user is authenticated (be it with basic, LDAP or NIS auth), the $cgi->remote_user will be set, and it is that login which will be passed (by the gitolite gitweb.conf) to the gitolite perl script managing Git access rights (ACLs).

The Git ACLs are still managed by ssh key and are independent from the login mechanism, except for the login part, which enables gitolite to make the right account association.
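The linkage described in this answer, as an added example that is not part of the original answer and not gitolite's own gitweb.conf: a standalone Perl model of the per-repository check that gitweb runs through its `$export_auth_hook`, keyed on the login Apache authenticated. The `%acl` table, `can_read`, `make_export_auth_hook` and the repository path are hypothetical stand-ins (constructed sample data) for gitolite's real access check.

```perl
#!/usr/bin/perl
# Added example: models the REMOTE_USER -> repository visibility decision.
# In gitweb_config.perl the returned sub would be assigned to gitweb's
# $export_auth_hook and $remote_user would come from $cgi->remote_user.
use strict;
use warnings;

my $projectroot = "/srv/git/repositories";    # assumption: constructed path

# Constructed ACL standing in for gitolite's "may USER read REPO?" answer.
my %acl = (
    "projects/app"  => { alice => 1, bob => 1 },
    "infra/secrets" => { alice => 1 },
);

sub can_read {
    my ($repo, $user) = @_;
    return $acl{$repo} && $acl{$repo}{$user} ? 1 : 0;
}

# Returns the hook gitweb would call with the full path of each repository.
sub make_export_auth_hook {
    my ($remote_user) = @_;
    return sub {
        my ($path) = @_;
        # Fail closed: without an authenticated, well-formed login,
        # no repository is listed or served.
        return 0 unless defined $remote_user
            && $remote_user =~ /\A[A-Za-z0-9._-]+\z/;
        # Reduce the filesystem path to the repository name used in the ACL.
        return 0 unless $path =~ m{\A\Q$projectroot\E/(.+?)\.git\z};
        my $repo = $1;
        # Reject path traversal components before consulting the ACL.
        return 0 if $repo =~ m{(?:\A|/)\.\.(?:/|\z)};
        return can_read($repo, $remote_user);
    };
}

# Constructed walk-through: two NIS logins and one unauthenticated request.
for my $user ("alice", "bob", undef) {
    my $hook = make_export_auth_hook($user);
    for my $repo (sort keys %acl) {
        my $verdict = $hook->("$projectroot/$repo.git") ? "visible" : "hidden";
        printf "%-12s %-14s %s\n", $user // "(anonymous)", $repo, $verdict;
    }
}
```

The anonymous case is the one to check on a real deployment: if Apache does not enforce authentication on the gitweb location, the login is empty and the hook should hide every repository rather than fall back to a shared account.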