Ok. Sorry about the panic. Feeling pretty stupid now!!! Just found this
further down my httpd.conf:
<Location /repos-xml/Project/tags>
<LimitExcept GET PROPFIND OPTIONS REPORT>
AuthType Basic
AuthName "Read-only tags."
AuthUserFile /usr/local/apache/conf/passwords
AuthGroupFile /usr/local/apache/conf/groups
Require user Dave
</LimitExcept>
</Location>
and it should obviously have been:
<Location /repos-xml/Project/tags>
AuthType Basic
AuthName "Developer access required"
AuthUserFile /usr/local/apache/conf/passwords
AuthGroupFile /usr/local/apache/conf/groups
require group Development
<LimitExcept GET PROPFIND OPTIONS REPORT>
AuthType Basic
AuthName "Read-only tags."
AuthUserFile /usr/local/apache/conf/passwords
AuthGroupFile /usr/local/apache/conf/groups
Require user Dave
</LimitExcept>
</Location>
Sorry.
Dave.
> Did you restart your browser between both accesses ? Most browsers will
> cache the authentication and return it to the server when accessing a URL
> that is below where the browser was asked for credentials.
>
> Another thing, if you trace the connection (using Ethereal or some such
> tool), you should see the server sending credential requirements to the
> browser and the browser returning the username and password.
>
> Hope that helps,
> François
>
> On Thu, 24 Jul 2003 20:32:33 +0100 (BST), "Dave Oxley"
> <david.oxley@workplace-systems.plc.uk> said:
>> Urgent bug found in 0.25:
>> I'm running SVN 0.25 with Apache 2.0.47 on RedHat Linux 8.0.
>>
>> My httpd.conf file contains:
>>
>> <Location /repos>
>> DAV svn
>> SVNPath /var/repos
>> AuthType Basic
>> AuthName "Developer access required"
>> AuthUserFile /usr/local/apache/conf/passwords
>> AuthGroupFile /usr/local/apache/conf/groups
>> require group Development
>> </Location>
>>
>> Using a web browser I am prompted for user name and password when
>> accessing the url:
>> https://server.com/repos
>> but I am not prompted for a user name and password when accessing the
>> url:
>> https://server.com/repos/Project/trunk/SomeFile.xml
>>
>> Basically, the security is bypassed when trying to view files in the
>> repository.
>>
>> Dave.
>>
>> ________________________________________________________________________
>> This e-mail has been scanned for all viruses by Star Internet. The
>> service is powered by MessageLabs. For more information on a proactive
>> anti-virus service working around the clock, around the globe, visit:
>> http://www.star.net.uk
>> ________________________________________________________________________
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: dev-help@subversion.tigris.org
>>
>>
> Developer of Java Gui Builder
> http://jgb.sourceforge.net/
>
> ________________________________________________________________________
> This e-mail has been scanned for all viruses by Star Internet. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> http://www.star.net.uk
> ________________________________________________________________________
>
________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jul 24 22:15:47 2003