# Re: User authentication\authorization upper-lower case

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 9 Oct 2010 17:23:28 +0200

No time to test, sorry, but agreed that usernames should be
case-sensitive. Please file a bug if they aren't...

Bob Archer wrote on Fri, Oct 08, 2010 at 11:45:16 -0400:
> > On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bob.Archer_at_amsi.com>
> > wrote:
> > > >> Hi all. I have a problem with SVN. I have the (only) user
> > > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > > >> repository. Why am I able to get *authenticated* with the user
> > > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > > >> authenticated user can access and read from my repository, so
> > > >> 'TESTUSER' should not be authenticated, as it happens for all
> > > the
> > > >> users not appearing in the passwd file, for example the
> > > 'BlaBlaBla'
> > > >> user.
> > > >> Thanks
> > > >You probably have anon access allowed. Are you using svn or
> > > apache/http? Perhaps showing us your config file would help. I
> > > >think authorization is only applied to authenticated users.
> > >
> > > >BOb
> > >
> > > anon-access = none
> > > password-db = passwd
> > > authz-db = authz
> > >
> > > I'm using svn (svnserve.exe). There is a mistake in the previous
> > > post: 'test_user' is without the '_' character. So the only user
> > in
> > > passwd is 'testuser'. Every user different from 'testuser' does
> > not
> > > get authentication, while 'TESTUSER' gets authentication, but
> > he's
> > > not authorized to commit. (while 'testuser' is). It seems that
> > > 'TESTUSER' and 'testuser' are the same from the authentication
> > > point of view, while they are different from the authorization
> > > point of view. Instead, I would expect for 'TESTUSER' to not be
> > > authenticated. Am I right or am I missing something? Thanks.
> > > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bob.Archer_at_amsi.com>
> > > wrote:
> > You are possibly correct. I know that svn is case sensitive.
> > However, the authentication may not be. If you authenticate using
> > lower case can you do your commit?
> >
> > BOb
> >
> > Sure, 'testuser' can commit
>
> So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.
>
> BOb
>