0
  • OS: OpenSUSE Linux
  • Version control: Mercurial Hg
  • Web Front: Apache2.2

I'm able to click browse http : // servername : port/ hg

As soon as I click on it, it prompts me for Windows AD directory credentials.

Now, I have the following repositories in /srv/www/htdocs/hg/repos folder:

  • RepoProjectA
  • RepoProjectB
  • RepoProjectC

clicking on the above repository links is OK as I'm able to see Hg front end.

Now, I want to add authentication and authorization so that:

  • A)

    • Only users "c123456", "c654321" can commit files in RepoProjectA.
    • Only users "c222222" and "c333333" can push the changes and no one else can't push

    For the above, what files (???) I need to change and what change(s)/entry should I add to make this happen.

    PS: I'm using LDAP as authentication using Windows Active Directory. Do I still need to use htpasswd2 or htdigest2 modules to create any user files --or for granting access to a group create any group file???? I thought, the groups can be taken from what's already there in Active directory. As these are different project repositories, do I need individual .htaccess files? Won't a single global file do the trick?

  • B)

    • Only users "u123456" and "u654321" can commit files on branch "branch1" of RepoProjectB. (assuming we have a branch "branch1" in RepoProjectB).
    • Only users "u222222" and "u333333" can push the files
    • No one can commit/push anything on TRUNK/default branch
    • Exception: Everyone from group "RepoProjectB-GROUP" or "ABCDGroup" can do anything in this repository or it's branches.

For the above, what files (???) I need to change and what change(s)/entry should I add to make this happen.

  • C) I tried using CMD prompt and utility TortoiseHg from my Windows client machine, while doing any operations in Hg (clone, branch, add, commit, push, etc), I'm prompted for providing username and password every time. It's working, but I'm getting prompt for every action in Hg.

    How can I restrict to have user provide Windows Active Directory Credentials only once per session.

Can anybody put some light.

AKS
  • 16,482
  • 43
  • 166
  • 258

1 Answers1

0

Some progress on mercurial keyring thing, next i'll do is to start using more granular groups and allow/deny at Directory directive way.

more related info at:

http://stackoverflow.com/questions/14267873/mercurial-hg-no-changes-found-cant-hg-push-out/14269997#14269997
http://www.linuxquestions.org/questions/showthread.php?p=4867412#post4867412
http://stackoverflow.com/questions/12503421/hg-push-error-and-username-not-specified-in-hg-hgrc-keyring-will-not-be-used/14270602#14270602
http://stackoverflow.com/questions/12468634/opensuse-apache-windows-ldap-group-user-authentication-mercurial/14270648#14270648

if prompted multiple times for user credentials in mercurial. Setup Mercurial_Keyring and then

this question comes which nobody explained in an easy way.

??? -- how to make

[auth]
xx.prefix = servername/hg_or_something

work for all repositories under servername/hg location either if I use servername, servername's IP or servername's FQDN ?

ANSWER: Arun • 2 minutes ago −

OK, I put this in ~/.hgrc (Linux/Unix -home directory's .hgrc hidden file) or Windows users %UserProfile%/mercurial.ini or %HOME%/mercurial.ini file.

[auth]
default1.schemes = http https
default1.prefix = hg_merc_server/hg
default1.username = c123456

default2.schemes = http https
default2.prefix = hg_merc_server.company.com/hg
default2.username = c123456

default3.schemes = http https
default3.prefix = 10.211.222.321/hg
default3.username = c123456

Now, I can checkout using either Server/IP/Server's FQDN.
AKS
  • 16,482
  • 43
  • 166
  • 258