Sander Striker wrote:
> FakeBasicAuth
[...]
> So apparently your certs Subject DN is empty.
Notice that this conclusion, strictly speaking, is invalid:
All the documentation says is that the standard Basic auth mechanism
then works. It does *not* state that req->user is set to the DN,
which is what mod_dav_svn uses.
I see something different from what David sees, and I have
studied two scenarios, which I can all explain consistently
with the Apache documentation
1. I add *only* +FakeBasicAuth, and don't add AuthType etc
to the Location. I then can perform commits just fine,
and "anonymous" gets logged. This may be the case as
no Apache authentication is performed at all, so the
HTTP Authentication: header which mod_ssl adds is never
evaluated (notice that mod_ssl does *not* set req->user).
I could explain the difference that David sees by
assuming that he uses a different client, one that
displays absent authors as "(no author)" instead of
"anonymous".
2. I also add AuthType Basic. It then forces me to also
add a basic user file, which I do. The SVN client performs
a number of successful HTTP interactions, until eventually
the MERGE request is rejected as unauthorized, and the
commit fails. Even if this would work, it would not be
satisfying, as it requires me to maintain a fake user file
of authorized users. I meant to express authorization with
a SSLRequire formula instead.
It would probably also log the full DN in the svn log,
whereas I would prefer it to log the CN only (as this is
sufficient to indicate authorship).
Regards,
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu May 15 10:02:29 2003