[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Subversion & Apache configuration with Windows Authentication

From: Schadler,Gerald F - JHSS <gfschadler_at_bpa.gov>
Date: 2005-11-01 21:53:40 CET

Need some help here. I think I have everything configured correctly,
but I can't seem to get the per-directory access control to work.
 
I can get Apache and Subversion configured to where it will do a windows
authentication, but then everyone has read/write access to all the
repositories. See config file below.
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
<Location /svn>
 
  DAV svn
# SVNPath /svn/bes
  SVNParentPath /svn
  SVNAutoversioning on
 
# Authentication required
# require valid-user
 
# Authentication with the Domain Controller
  AuthName "Subversion repository"
  AuthType SSPI
  SSPIAuth on
  SSPIAuthoritative On
  SSPIDomain PDX
  SSPIOfferBasic On
# SSPIOmitDomain On
 
# our access control policy enforced by mod_authz_svn
# AuthzSVNAccessFile "c:/svn/conf/svnaccess.conf"
 
</Location>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
When I try to use the access file for authentication with windows, I get
a 401 Authorization required. Here is the location config and access
file:
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
<Location /svn>
 
  DAV svn
# SVNPath /svn/bes
  SVNParentPath /svn
  SVNAutoversioning on
 
# Authentication required
  require valid-user
 
# Authentication with the Domain Controller
  AuthName "Subversion repository"
  AuthType SSPI
  SSPIAuth on
  SSPIAuthoritative On
  SSPIDomain PDX
  SSPIOfferBasic On
# SSPIOmitDomain On
 
# our access control policy enforced by mod_authz_svn
  AuthzSVNAccessFile "c:/svn/conf/svnaccess.conf"
 
</Location>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
Access File:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
######################################################################
  Define Group Names and Members
######################################################################
[groups]
svnadmin = PDX\sysadmin1
testusers = PDX\testuser
 
######################################################################
  Define Repository Write and Read Members
######################################################################
bes-write = @svnadmin
bes-read = @testusers
 
pisces-write = @svnadmin
pisces-read = @testusers
 
repos-write = @svnadmin
repos-read = @testusers
 
######################################################################
  Define Repository Access Permissions
######################################################################
[/]
* = r
PDX\svnadmin = rw
 

[bes:/]
@bes-write = rw
@bes-read = r
 
[pisces:/]
@pisces-write = rw
@pisces-read = r
BUD\testuser2 = rw
 
[repos:/]
@repos-write = rw
@repos-read = r
BUD\testuser3 = rw
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
Any help on this would be greatly appreciated.
 
Thanks,
 
Jerry Schadler
Bonneville Power Administration
Web Server Administrator
Email: gfschadler@bpa.gov
Pager: 5033478677@vtext.com
Desk: (360) 418-2184
Cell: (503) 347-8677
 
Received on Tue Nov 1 23:30:12 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.