[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Multiple authentication sources

From: Frank Gruman <fgatwork_at_verizon.net>
Date: Fri, 05 Dec 2008 20:50:49 -0500

On Fri, 2008-12-05 at 13:29 -0600, Alec Kloss wrote:
> On 2008-12-05 10:55, Craig McQueen wrote:
> > Hello all,
> >
> > The following doc says that a Windows Apache server can be set up to
> > authenticate against both Windows SSPI and a password file:
> > http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/help-onepage.html#tsvn-serversetup-apache-6
> >
> > I'm trying to get this working on a Windows Apache 2.2 server, but
> > without success. SSPI works on its own, and the password file works on
> > its own. But if I try to use both together, as described, then
> > authenticating against the SSPI works but authenticating against the
> > password file fails.
> >
> > I'm wondering: does this solution simply not work on Apache 2.2.x due to
> > changes to the authentication/authorization setup in Apache 2.2.x?
> >
> > I'm interested to know if anyone else has tried this on Apache 2.2.x,
> > and if you ended in success or failure.
>
> I've never been able to make Apache 2.2 authenticate against multiple
> auth modules at the same time without patching mod_auth_basic and
> usually the other authentication module as well.
>
> I'd be very curious to know how people get this to work without patching
> apache.
>
> --
> Alec.Kloss_at_oracle.com Oracle Middleware
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=980286
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].

I've successfully implemented multiple authentication sources, but I
believe the current limitation (until Apache 2.3/2.4 is released) is
that they must all be of the same type (AuthType Basic or AuthType
SSPI). In my case, I was able to do basic authentication with a file
and LDAP.

But I thought it would still be possible. I found a sample config here
-
http://osdir.com/ml/version-control.subversion.ankhsvn.general/2006-04/msg00037.html

        <Location /svn/>
            DAV svn
            SVNParentPath "/srv/svn/my_projects"
            
            AuthName "Subversion Repositories"
            Require valid-user #this is all authenticated users on
        domain
            AuthAuthoritative Off #enables multiple authorities
            
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative Off
            #SSPIAuthoritative On - Forces only SSPI auth, skips passwd
        file
            SSPIOmitDomain On
            SSPIDomain MY_AD_DOMAIN
            SSPIOfferBasic On
            
            AuthType Basic
            AuthUserFile "/srv/svn/auth/basic_users"
            
            AuthzSVNAccessFile "/srv/svn/auth/svn_users"
            
        </Location>

Regards,
Frank

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=980424

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-08 23:23:27 CET

This is an archived mail posted to the Subversion Users mailing list.