SVN + http + NIS Authentication on OpenSUSE 11.2

Step.1 Install OpenSUSE 11.2

  • New Installation
  • English
  • select GNOME Desktop
  • LVM Partitioning
      /boot : 70.57MB
      / : 40GB
      /srv : max
      swap : 4GB
  • disable Fireware
  • NTP: time.stdtime.gov.tw

Step.2 Network

  • IP : 192.168.103.xxx
  • Gateway : 192.168.103.254
  • Subnet Mask : 255.255.0.0
  • DNS : 192.168.xxx.xxx
  • Hostname : svn

Step.3 NIS Client

  • domain: xxx
  • server: 192.168.xxx.xxx
  • Enable automount
  • Check /etc/nsswitch.conf setting
      passwd: files nis
      group: files nis
      shadow: files nis
      hosts: files nis dns

Step.4 Add Software Repository

  • Apache Module
      http://download.opensuse.org/repositories/Apaches:/Modules/OpenSUSE_11.2
  • RemoteDesktop
      http://download.opensuse.org/repositories/X11:/RemoteDesktop/OpenSUSE_11.2

Step.5 Install Nvidia Driver

    Visit http://en.opensuse.org/NVIDIA_drivers

Step.6 Software Install by using yast2

  • Update All Patches
  • Install Apache
      apache2
      apache2-mod_perl, apache2-mod_php5,
      apache2-mod_authnz_external
      apache2-mod_security2
      yast2-http-server
  • Install FTP server
      pure-ftpd
      yast2-ftp-server
  • Install Development Tools
      gcc, gcc-c++, make, autoconf, compat

Step.7 Enable Network Service

    enable sshd, autofs, httpd service

Step.8 SVN Repository

  • create directory

      #mkdir /srv/svn/projects
      #mkdir /srv/svn/users
  • Change Owner

      # chown -R wwwrun /srv/svn
      # chgrp -R www /srv/svn
  • Create SVN Repository

      # sudo -u wwwrun svnadmin create /srv/svn/projects
      # sudo -u wwwrun svnadmin create /srv/svn/users

Step.9 Apache + NIS Auth

    Reference: http://forums.opensuse.org/get-help-here/network-internet/436171-nis-system-auth-apache-subversion.html
  • Download pwauth source code, modify and Recompile
      Download pwauth-2.3.8.tar.gz from http://code.google.com/p/pwauth/downloads/list


        # tar -zxvf pwauth-2.3.8.tar.gz
        # cd pwauth-2.3.8
        # vi config.h

          change

            #define SERVER_UIDS 72 /* user "nobody" */

          to

            #define SERVER_UIDS 30 /* user "wwwrun" */

        # make
        # cp ./pwauth /usr/bin
        # chmod 4755 /usr/bin/pwauth

  • Install checkpassword-pam
      Download checkpassword-pam-0.99.tar.gz from http://sourceforge.net/projects/checkpasswd-pam/files


        # tar -zxvf checkpassword-pam-0.99.tar.gz
        # cd checkpassword-pam-0.99
        # ./configure
        # make
        # make install
  • create /etc/pam.d/httpd is

      auth include common-auth
      account include common-account
      password include common-password
      session include common-session
  • In /etc/apache2/default-server.conf, add:

      AddExternalAuth pwauth /usr/bin/pwauth
      AddExternalAuth checkpassword-pam "/usr/local/bin/checkpassword-pam -H --noenv --debug --stdout -s httpd -- /bin/true"
      SetExternalAuthMethod checkpassword-pam checkpassword
      AddExternalGroup unixgroup /usr/bin/unixgroup
      SetExternalGroupMethod unixgroup environment
  • In the /etc/apache2/conf.d/subversion.conf:

        DAV svn
        SVNParentPath /home/srv/svn
        SVNListParentPath on
        # Limit write permission to list of valid users.
        # Require SSL connection for password protection.
        # SSLRequireSSL
        AuthType Basic
        AuthName "Subversion Server"
        AuthExternal checkpassword-pam
        AuthBasicProvider external
        Require valid-user
        AuthzSVNAccessFile /srv/svnaccess.conf

  • In the /etc/apache2/conf.d/authnz_external.conf :
      AddExternalAuth pwauth /usr/sbin/pwauth
      SetExternalAuthMethod pwauth pipe
  • Enable aoache module and restart apache2

      # a2enmod authnz_external
      # a2enmod dav
      # a2enmod dav_svn
      # a2enmod authz_svn
      # a2enmod perl
      # rcapache2 restart

Step.10 Setup FreeNX

    # nxsetup –install –setup-nomachine-key –clean

在〈SVN + http + NIS Authentication on OpenSUSE 11.2〉中有 1 則留言

  1. 1. 要加上 authz_svn 的 Module 才能用

    AuthzSVNAccessFile /srv/svnaccess.conf

    2. 把 <Location /svn> 改成 <Location /svn/>
    才不會出現
    The URI does not contain the name of a repository
    的錯誤訊息

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *