
Verifying Mercurial Changesets are from who they say they're from

I'm investigating using Mercurial in a corporate environment. The plan is to use central repositories hosted by a webserver (IIS) which developers will push to once they've tested changes locally or within their teams.

I have IIS configured to authenticate users against Active Directory, but there seems to be a hole in that while I can enforce who can push, I can't enforce that they sign their changesets as themselves.

For example, given a basic "commit" scenario:

  1. user commits to their local repository
  2. user pushes their changes to the central repository

In step 1, the user provides a username (via their .hgrc file or whatever) to their local repository, but there isn't really any way to enforce that this is their "real" username.

In step 2, the user has to provide their "real" credentials to IIS to be allowed to push, but their changesets will show up in the history with whatever username they provided in step 1. It seems like if bob used "alice" as his username for step 1, he could make sure alice got the blame for any of his buggy changes.

Is there a way to make sure these user names match up during the push (via hooks or something)? Or alternatively, some other way to ensure a reasonable level of authenticity in the change log?

Edit: On further consideration, I guess I don't actually want to enforce that these names line up; if Bob and Alice have been collaborating in a separate repo, Bob should ultimately be able to push all of their changes, not just his own. What I really want is just to make sure that if it comes down to it, I can tell who made what changes in a more definitive way than just whatever username was applied.

I'm thinking GpgExtension is part of the answer, but I still don't think I've got the full picture.


I eventually found this discussion, which essentially says that my options are essentially getting everyone to sign changesets with GPG, or setting up a "pushlog" outside of mercurial which tracks what user pushed what to the central repository.

Ry4an also pointed out this (essentially duplicate) question with some good answers that confirm what I'd found elsewhere.

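An added example (not from the question or the linked discussion) of the "pushlog outside Mercurial" option: a server-side `changegroup` hook that records which IIS-authenticated user pushed which changesets, and flags pushes whose recorded author is someone else as informational only, since collaborators legitimately push each other's work. It assumes hgweb exposes the authenticated principal as `REMOTE_USER` in the hook's `ui.environ` (verify this on your IIS setup), the Python 2 Mercurial API of the time (Python 3 Mercurial passes bytes), and the `[pushlog]` config section, file paths and sample changesets are hypothetical.

```python
import json
import os
import time

# Constructed sample push: (hex node, recorded author, first line of description).
SAMPLE_CHANGESETS = [
    ("a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6a7b8c9d0", "bob", "Fix null check in parser"),
    ("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c", "alice", "Tweak logging"),
]

def build_pushlog_entry(pushed_by, changesets, timestamp=None):
    """Link the authenticated pusher to every changeset that arrived in one push."""
    return {
        "time": timestamp if timestamp is not None else int(time.time()),
        "pushed_by": pushed_by,
        "changesets": [{"node": n, "author": a, "summary": s} for n, a, s in changesets],
    }

def short_name(principal):
    """Heuristic (assumption): 'CORP\\bob' or 'bob@corp.example' -> 'bob'."""
    return principal.rsplit("\\", 1)[-1].split("@", 1)[0].lower()

def author_mismatches(entry):
    """Nodes whose recorded author does not mention the pusher's short name."""
    pusher = short_name(entry["pushed_by"])
    return [c["node"] for c in entry["changesets"] if pusher not in c["author"].lower()]

def record_push(path, entry):
    """Append one JSON line per push; the file lives outside the repository."""
    with open(path, "a") as f:
        f.write(json.dumps(entry) + "\n")

def changegroup_hook(ui, repo, node, **kwargs):
    """Enable in the central repo's hgrc (paths hypothetical):
    [hooks]
    changegroup.pushlog = python:/srv/hg/pushlog.py:changegroup_hook
    [pushlog]
    path = /srv/hg/pushlog.jsonl
    'node' is the first changeset of the group; the rest follow it up to tip."""
    pushed_by = ui.environ.get("REMOTE_USER") or os.environ.get("REMOTE_USER") or "unknown"
    changesets = []
    for rev in range(repo[node].rev(), len(repo)):
        ctx = repo[rev]
        summary = ctx.description().splitlines()[0] if ctx.description() else ""
        changesets.append((ctx.hex(), ctx.user(), summary))
    entry = build_pushlog_entry(pushed_by, changesets)
    record_push(ui.config("pushlog", "path", "pushlog.jsonl"), entry)
    for n in author_mismatches(entry):
        ui.warn("pushlog: %s pushed by %s but recorded author differs\n" % (n[:12], pushed_by))
    return 0  # never reject: the log, not the author field, is the audit trail
```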