SVN + http + NIS Authentication on OpenSUSE 11.2

Step.1 Install OpenSUSE 11.2

• New Installation
• English
• select GNOME Desktop
• LVM Partitioning
  
  /boot : 70.57MB
  / : 40GB
  /srv : max
  swap : 4GB
  


• disable Fireware
• NTP: time.stdtime.gov.tw

Step.2 Network

• IP : 192.168.103.xxx
• Gateway : 192.168.103.254
• Subnet Mask : 255.255.0.0
• DNS : 192.168.xxx.xxx
• Hostname : svn

Step.3 NIS Client

• domain: xxx
• server: 192.168.xxx.xxx
• Enable automount
• Check /etc/nsswitch.conf setting
  
  passwd: files nis
  group: files nis
  shadow: files nis
  hosts: files nis dns

Step.4 Add Software Repository

• Apache Module
  
  http://download.opensuse.org/repositories/Apaches:/Modules/OpenSUSE_11.2
• RemoteDesktop
  
  http://download.opensuse.org/repositories/X11:/RemoteDesktop/OpenSUSE_11.2

Step.5 Install Nvidia Driver

Visit http://en.opensuse.org/NVIDIA_drivers

Step.6 Software Install by using yast2

• Update All Patches
• Install Apache
  
  
  apache2
  apache2-mod_perl, apache2-mod_php5,
  apache2-mod_authnz_external
  apache2-mod_security2
  yast2-http-server
  


• Install FTP server
  
  
  pure-ftpd
  yast2-ftp-server
  


• Install Development Tools
  
  gcc, gcc-c++, make, autoconf, compat

Step.7 Enable Network Service

enable sshd, autofs, httpd service

Step.8 SVN Repository

• create directory
  
  
#mkdir /srv/svn/projects
#mkdir /srv/svn/users



• Change Owner
  
# chown -R wwwrun /srv/svn
# chgrp -R www /srv/svn



• Create SVN Repository
  
  
# sudo -u wwwrun svnadmin create /srv/svn/projects
# sudo -u wwwrun svnadmin create /srv/svn/users

Step.9 Apache + NIS Auth

Reference: http://forums.opensuse.org/get-help-here/network-internet/436171-nis-system-auth-apache-subversion.html

• Download pwauth source code, modify and Recompile
  
  
  Download pwauth-2.3.8.tar.gz from http://code.google.com/p/pwauth/downloads/list
  
  
  # tar -zxvf pwauth-2.3.8.tar.gz
  # cd pwauth-2.3.8
  # vi config.h
  
  
  change
  
  #define SERVER_UIDS 72 /* user "nobody" */
  
  to
  
  #define SERVER_UIDS 30 /* user "wwwrun" */
  
  
  
  # make
  # cp ./pwauth /usr/bin
  # chmod 4755 /usr/bin/pwauth
  
  
  


• Install checkpassword-pam
  
  
  Download checkpassword-pam-0.99.tar.gz from http://sourceforge.net/projects/checkpasswd-pam/files
  
  
# tar -zxvf checkpassword-pam-0.99.tar.gz
# cd checkpassword-pam-0.99
# ./configure
# make
# make install


• create /etc/pam.d/httpd is
  
  
auth include common-auth
account include common-account
password include common-password
session include common-session


• In /etc/apache2/default-server.conf, add:
  
  
AddExternalAuth pwauth /usr/bin/pwauth
AddExternalAuth checkpassword-pam "/usr/local/bin/checkpassword-pam -H --noenv --debug --stdout -s httpd -- /bin/true"
SetExternalAuthMethod checkpassword-pam checkpassword
AddExternalGroup unixgroup /usr/bin/unixgroup
SetExternalGroupMethod unixgroup environment


• In the /etc/apache2/conf.d/subversion.conf:
  
  
  
  
  
  DAV svn
  SVNParentPath /home/srv/svn
  SVNListParentPath on
  # Limit write permission to list of valid users.
  # Require SSL connection for password protection.
  # SSLRequireSSL
  AuthType Basic
  AuthName "Subversion Server"
  AuthExternal checkpassword-pam
  AuthBasicProvider external
  Require valid-user
  AuthzSVNAccessFile /srv/svnaccess.conf
  
  
  


• In the /etc/apache2/conf.d/authnz_external.conf :
  
  
  AddExternalAuth pwauth /usr/sbin/pwauth
  SetExternalAuthMethod pwauth pipe


• Enable aoache module and restart apache2
  
  
# a2enmod authnz_external
# a2enmod dav
# a2enmod dav_svn
# a2enmod authz_svn
# a2enmod perl
# rcapache2 restart

Step.10 Setup FreeNX

# nxsetup --install --setup-nomachine-key --clean

SVN + http + NIS Authentication on OpenSUSE 11.2

Step.1 Install OpenSUSE 11.2

• New Installation
• English
• select GNOME Desktop
• LVM Partitioning
  
  /boot : 70.57MB
  / : 40GB
  /srv : max
  swap : 4GB
  


• disable Fireware
• NTP: time.stdtime.gov.tw

Step.2 Network

• IP : 192.168.103.xxx
• Gateway : 192.168.103.254
• Subnet Mask : 255.255.0.0
• DNS : 192.168.xxx.xxx
• Hostname : svn

Step.3 NIS Client

• domain: xxx
• server: 192.168.xxx.xxx
• Enable automount
• Check /etc/nsswitch.conf setting
  
  passwd: files nis
  group: files nis
  shadow: files nis
  hosts: files nis dns

Step.4 Add Software Repository

• Apache Module
  
  http://download.opensuse.org/repositories/Apaches:/Modules/OpenSUSE_11.2
• RemoteDesktop
  
  http://download.opensuse.org/repositories/X11:/RemoteDesktop/OpenSUSE_11.2

Step.5 Install Nvidia Driver

Visit http://en.opensuse.org/NVIDIA_drivers

Step.6 Software Install by using yast2

• Update All Patches
• Install Apache
  
  
  apache2
  apache2-mod_perl, apache2-mod_php5,
  apache2-mod_authnz_external
  apache2-mod_security2
  yast2-http-server
  


• Install FTP server
  
  
  pure-ftpd
  yast2-ftp-server
  


• Install Development Tools
  
  gcc, gcc-c++, make, autoconf, compat

Step.7 Enable Network Service

enable sshd, autofs, httpd service

Step.8 SVN Repository

• create directory
  
  
#mkdir /srv/svn/projects
#mkdir /srv/svn/users



• Change Owner
  
# chown -R wwwrun /srv/svn
# chgrp -R www /srv/svn



• Create SVN Repository
  
  
# sudo -u wwwrun svnadmin create /srv/svn/projects
# sudo -u wwwrun svnadmin create /srv/svn/users

Step.9 Apache + NIS Auth

Reference: http://forums.opensuse.org/get-help-here/network-internet/436171-nis-system-auth-apache-subversion.html

• Download pwauth source code, modify and Recompile
  
  
  Download pwauth-2.3.8.tar.gz from http://code.google.com/p/pwauth/downloads/list
  
  
  # tar -zxvf pwauth-2.3.8.tar.gz
  # cd pwauth-2.3.8
  # vi config.h
  
  
  change
  
  #define SERVER_UIDS 72 /* user "nobody" */
  
  to
  
  #define SERVER_UIDS 30 /* user "wwwrun" */
  
  
  
  # make
  # cp ./pwauth /usr/bin
  # chmod 4755 /usr/bin/pwauth
  
  
  


• Install checkpassword-pam
  
  
  Download checkpassword-pam-0.99.tar.gz from http://sourceforge.net/projects/checkpasswd-pam/files
  
  
# tar -zxvf checkpassword-pam-0.99.tar.gz
# cd checkpassword-pam-0.99
# ./configure
# make
# make install


• create /etc/pam.d/httpd is
  
  
auth include common-auth
account include common-account
password include common-password
session include common-session


• In /etc/apache2/default-server.conf, add:
  
  
AddExternalAuth pwauth /usr/bin/pwauth
AddExternalAuth checkpassword-pam "/usr/local/bin/checkpassword-pam -H --noenv --debug --stdout -s httpd -- /bin/true"
SetExternalAuthMethod checkpassword-pam checkpassword
AddExternalGroup unixgroup /usr/bin/unixgroup
SetExternalGroupMethod unixgroup environment


• In the /etc/apache2/conf.d/subversion.conf:
  
  
  <Location /svn/>
  
  
  DAV svn
  SVNParentPath /home/srv/svn
  SVNListParentPath on
  # Limit write permission to list of valid users.
  # Require SSL connection for password protection.
  # SSLRequireSSL
  AuthType Basic
  AuthName "Subversion Server"
  AuthExternal checkpassword-pam
  AuthBasicProvider external
  Require valid-user
  AuthzSVNAccessFile /srv/svnaccess.conf
  
  
  </Location>


• In the /etc/apache2/conf.d/authnz_external.conf :
  
  
  AddExternalAuth pwauth /usr/sbin/pwauth
  SetExternalAuthMethod pwauth pipe


• Enable aoache module and restart apache2
  
  
# a2enmod authnz_external
# a2enmod dav
# a2enmod dav_svn
# a2enmod authz_svn
# a2enmod perl
# rcapache2 restart

Step.10 Setup FreeNX

# nxsetup --install --setup-nomachine-key --clean