Server configuration issue: Apache with mod_auth_radius

From: David Heppenstall <David.Heppenstall_at_rci.rogers.com>
Date: 2006-03-07 16:19:49 CET

Hello,

I'm having some problems serving Subversion repositories over Apache in
conjunction with RADIUS authentication.

The basic configuration of Apache with DAV svn works perfectly for anon
access:
<Location /svnbackdoor>
DAV svn
SVNParentPath /opt/svn
</Location>

In addition, I have added the FreeRadius mod_auth_radius module to
Apache and have also managed to get this working:
<Location /securetest>
  AuthType Basic
  AuthName "RADIUS authentication for no reason other than to annoy
you."
  AuthAuthoritative off
  AuthRadiusAuthoritative on
  AuthRadiusCookieValid 5
  AuthRadiusActive On
  require valid-user
</Location>

I assumed that just by concatenating these two fully-functioning
configurations that I would have a working RADIUS-Authenticated
Subversion url: <Location /svn>
  DAV svn
  SVNParentPath /opt/svn
  AuthType Basic
  AuthName "RADIUS authentication."
  AuthAuthoritative off
  AuthRadiusAuthoritative on
  AuthRadiusCookieValid 5
  AuthRadiusActive On
  require valid-user
</Location>

As you can see, all I did was put the options together in the same
<Location> directive. However, when I try to view the url in a web
browser, I am presented with a 404 error after entering a correct
username and password. In the CLI client, I get this:
svn: PROPFIND request failed on '/'
svn: PROPFIND of '/': 405 Method Not Allowed (http://<ip-removed>) I
speculate that once RADIUS authentication is completed, the request is
interpreted to be a literal filesystem path within DocumentRoot and my
SVNParentPath instruction is ignored.

The only way I have managed to get *some* of this working is by setting
DocumentRoot to "/opt/svn" and the SVN Location directive to "/". What
happens in this case is that the web browser can view repositories
perfectly after being authenticated. However, the CLI client returns a
301 Moved-Permanently error. I've read in the FAQ that this is an
expected problem when the SVN location overlaps with the DocumentRoot.
My DocumentRoot is now set to something completely different (/var/www/)
to avoid this problem, however now I'm back to being stuck with the 404
errors.

Is there any solution to configure Apache to permit RADIUS-authenticated
access to Subversion repositories? I would very much appreciate any
pointers, assistance or guidance you may have.

Thank you.

- Dave Heppenstall
david.heppenstall AT rci DOT rogers DOT com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Mar 7 16:21:03 2006

This message: [ Message body ]
Next message: Oded Arbel: "Regarding svn+ssh setup, virtual roots and other options"
Previous message: Julian Foad: "Re: [PATCH] #7 OS400/EBCDIC Port: Make svn_io_copy_file() CCSID insensitive."
Next in thread: C. Michael Pilato: "Re: Server configuration issue: Apache with mod_auth_radius"
Reply: C. Michael Pilato: "Re: Server configuration issue: Apache with mod_auth_radius"
Maybe reply: David Heppenstall: "RE: Server configuration issue: Apache with mod_auth_radius"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]