SVN with Cyrus sasl2db on CentOS

This will provide an overview of the steps required to setup Subversion using a sasl2db for authentication. These steps will be geared for CentOS but it should be similar for other distributions. If you follow this setup guide, you can also take advantage of my SVN Admin Script. It provides an easy interface to manage SVN repos and users.

  1. Set up SVN - Documentation for this can be found for any distro. CentOS Subversion documentation -
    yum install subversion
  2. Install sasl - including sasl-md5 package
    yum install cyrus-sasl cyrus-sasl-md5 cyrus-sasl-lib cyrus-sasl-sql cyrus-sasl-plain

  3. Configure sasl database - Edit /etc/sasl2/svn.conf to have:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    sasldb_path: /var/svn/sasldb2
    mech_list: DIGEST-MD5

  4. Create a new repo
    svnadmin create /var/svn/new_repo

  5. Copy default config file to shared location
    cp /var/svn/new_repo/conf/svnserve.conf /var/svn/svnserve.conf
    ln -s /var/svn/svnserve.conf /var/svn/new_repo

  6. Edit config file to have proper settings. I believe realm is required and the sasl section needs to be added.
    anon-access = none
    auth-access = write
    realm = myrealm
    use-sasl = true
    min-encryption = 128
    max-encryption = 256

  7. Managing sasl users
    List users: sasldblistusers2 -f /var/svn/sasldb2
    Add user: saslpasswd2 -c -u realm-name  -f /path/to/sasldb username
    Change user password: saslpasswd2 -u realm-name -f /path/to/sasldb username
    Delete user: saslpasswd2 -d

That should be all the steps to getting Subversion set up with users authenticating through the sasl2db. Creating the shared config file is optional, but I recommend it for situations where all repositories will be granted the same access.