[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Logging SSL-authenticated users

From: Martin v. L÷wis <martin_at_v.loewis.de>
Date: 2003-05-15 09:19:50 CEST

Ben Collins-Sussman <sussman@collab.net> writes:

> Well, try requiring basic http auth then. The name/password will go
> over the encrypted SSL link. No need for a user-file, I suspect.

If I do

<Location /playground>
  SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
  DAV svn
  SVNPath /export/svn/playground
  SVNAutoversioning on
  AuthType Basic
  AuthName "playground subversion"
  require valid-user
</Location>

svn asks me for a user/password combination, and then gives

svn: OPTIONS request failed on '/playground/trunk'
svn: OPTIONS of '/playground/trunk': 500 Internal Server Error

and the following line is logged

[Thu May 15 09:05:14 2003] [crit] [client 141.89.224.131] configuration error: couldn't check user. No user file?: /playground/trunk

If I add

  SSLOptions +FakeBasicAuth

svn stops asking for user/password, but still gives the same error

If I add a fake user file (which I really don't want to do), listing
my DN, I get from the SVN client

Transmitting file data .svn: RA layer request failed
svn: Commit failed (details follow):
svn: MERGE request failed on '/playground/trunk'
svn: MERGE of '/playground/trunk': 403 Forbidden

On the server side, the following actions are logged

xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:50 +0200] "OPTIONS /playground/trunk HTTP/1.1" 200 190
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:50 +0200] "MKACTIVITY /playground/!svn/act/4af442b6-aebd-0310-8621-eeb8e8721fd5 HTTP/1.1" 201 346
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:51 +0200] "PROPFIND /playground/trunk HTTP/1.1" 207 425
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:51 +0200] "PROPFIND /playground/!svn/vcc/default HTTP/1.1" 207 386
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:51 +0200] "CHECKOUT /playground/!svn/bln/15 HTTP/1.1" 201 361
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:51 +0200] "PROPPATCH /playground/!svn/wbl/4af442b6-aebd-0310-8621-eeb8e8721fd5/15 HTTP/1.1" 207 356
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:52 +0200] "PROPFIND /playground/trunk HTTP/1.1" 207 382
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:52 +0200] "CHECKOUT /playground/!svn/ver/15/trunk/test.txt HTTP/1.1" 201 373
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:52 +0200] "PUT /playground/!svn/wrk/4af442b6-aebd-0310-8621-eeb8e8721fd5/trunk/test.txt HTTP/1.1" 204 0
xxx.xx.xxx.xxx - /C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=Martin von Loewis/emailAddress=Martin.vonLoewis@hpi.uni-potsdam.de [15/May/2003:09:16:53 +0200] "MERGE /playground/trunk HTTP/1.1" 403 296

What gives?

Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu May 15 09:21:09 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.