[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Getting NT Authorization Right with mod_auth_sspi.so

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2004-07-13 18:34:14 CEST

Roehl, Dan wrote:

>So I have been trying to get mod_auth_sspi to authenticate me. I think that
>this has really become an Apache issue rather than an SVN issue.
>
>I have tried the package from:
>http://www.deadbeef.com/software/sspi.html
>
>As well as the package from:
>http://www.gknw.net/development/apache/httpd-2.0/win32/modules/
>
>It just plain is not working.
>
>Has anyone got this to work on a Win2k/sp3-4 box with Apache 2.0?
>Can you walk me through?
>
>
Here are my LoadModule and Subversion sections, as well as a directory
listing of my Apache "modules" directory. I used the precompiled
deadbeef module; this is running on Win2K server. The reason for the two
"AuthType" declarations is that I wanted to fallback to a regular
AuthUser file if SSPI failed, thereby allowing me to add admin users
that don't exist in the NT Domain. I do not currently use groups in my
AuthzSVNAccessFile. I would set that file to the simplest case
(read-write permissions for all) until you get the SSPI part working; as
long as you have "Require valid-user", you'll still get the auth challenge.

When challenged for authentication, I type only my username without the
DOMAIN\ part in front of it. In fact, aside from the "SSPIDomain
MYDOMAIN" declaration, I never mention the actual name of my NT Domain
anywhere else. All of that happens transparently in the background.

LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule sspi_auth_module modules/mod_auth_sspi.so
LoadModule auth_module modules/mod_auth.so
#LoadModule auth_anon_module modules/mod_auth_anon.so
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so

<Location /svn>
    DAV svn
    SVNPath c:/svn_repository/rep
    SVNAutoVersioning on
    SVNReposName "My Repository"

    Require valid-user
    AuthName "My Repository"
    AuthAuthoritative Off

    AuthType SSPI
    SSPIAuth On
    SSPIDomain MYDOMAIN
    SSPIOmitDomain On
    SSPIOfferBasic On
    SSPIAuthoritative Off

    AuthType Basic
    AuthUserFile "C:/svn_repository/auth/users.txt"
    AuthzSVNAccessFile "C:/svn_repository/auth/authz.txt"

</Location>

05/22/2004 03:13a 647,168 libdb42.dll
03/18/2004 11:14a 24,653 mod_access.so
03/18/2004 11:15a 24,658 mod_actions.so
03/18/2004 11:15a 24,656 mod_alias.so
03/18/2004 11:15a 24,658 mod_asis.so
03/18/2004 11:14a 24,651 mod_auth.so
05/22/2004 03:13a 209,002 mod_authz_svn.so
03/18/2004 11:14a 24,656 mod_auth_anon.so
03/18/2004 11:14a 24,655 mod_auth_dbm.so
03/18/2004 11:14a 32,850 mod_auth_digest.so
03/18/2004 11:15a 32,857 mod_auth_ldap.so
03/18/2004 05:04p 32,768 mod_auth_sspi.so
03/18/2004 11:15a 32,855 mod_autoindex.so
03/18/2004 11:15a 32,853 mod_cache.so
03/18/2004 11:15a 24,661 mod_cern_meta.so
03/18/2004 11:15a 28,753 mod_cgi.so
03/18/2004 11:15a 24,668 mod_charset_lite.so
03/18/2004 11:15a 81,999 mod_dav.so
03/18/2004 11:15a 45,136 mod_dav_fs.so
05/22/2004 03:13a 401,510 mod_dav_svn.so
03/18/2004 11:15a 57,426 mod_deflate.so
03/18/2004 11:15a 24,654 mod_dir.so
03/18/2004 11:15a 24,666 mod_disk_cache.so
03/18/2004 11:15a 24,655 mod_env.so
03/18/2004 11:15a 24,659 mod_expires.so
03/18/2004 11:15a 28,757 mod_ext_filter.so
03/18/2004 11:14a 24,659 mod_file_cache.so
03/18/2004 11:15a 24,659 mod_headers.so
03/18/2004 11:15a 28,751 mod_imap.so
03/18/2004 11:15a 41,042 mod_include.so
03/18/2004 11:15a 24,658 mod_info.so
03/18/2004 11:14a 32,851 mod_isapi.so
03/18/2004 11:15a 24,656 mod_logio.so
03/18/2004 11:15a 28,757 mod_log_config.so
03/18/2004 11:15a 24,665 mod_mem_cache.so
03/18/2004 11:15a 28,748 mod_mime.so
03/18/2004 11:15a 32,854 mod_mime_magic.so
03/18/2004 11:15a 36,950 mod_negotiation.so
03/18/2004 11:15a 41,038 mod_proxy.so
03/18/2004 11:15a 20,566 mod_proxy_connect.so
03/18/2004 11:15a 28,754 mod_proxy_ftp.so
03/18/2004 11:15a 24,659 mod_proxy_http.so
03/18/2004 11:15a 57,426 mod_rewrite.so
03/18/2004 11:15a 24,660 mod_setenvif.so
03/18/2004 11:15a 24,658 mod_speling.so
03/18/2004 11:15a 28,756 mod_status.so
03/18/2004 11:15a 24,661 mod_unique_id.so
03/18/2004 11:15a 24,658 mod_userdir.so
03/18/2004 11:15a 24,661 mod_usertrack.so
03/18/2004 11:15a 24,662 mod_vhost_alias.so
03/18/2004 11:15a 36,949 util_ldap.so

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 13 18:35:04 2004

This is an archived mail posted to the Subversion Users mailing list.