[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "svn lock" crash against certain 1.1.x servers

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-08-12 15:15:16 CEST

On Aug 12, 2005, at 7:15 AM, Branko Čibej wrote:

>>
>> It's possible the different behaviour is due to a different auth
>> setup
>> between the tsvn server and my server. I used httpd to require
>> read/write auth for all access, tsvn uses mod_auth_svn and probably
>> allows read-only access as well as read/write access.
>>
>>
> D'you know, I think you're right! The damn mod_authz_svn takes it
> upon itself to return HTTP_UNAUTHORIZED in the auth_checker hook,
> even though it's thecking authorization, not authentication. I
> think this is a bug in mod_authz_svn. It should be returning
> HTTP_FORBIDDEN (as in the access_checker hook), and probably
> shouldn't provide an auth checker at all.

CEE (tigris.org) doesn't use mod_authz_svn, but a proprietary module
called mod_auth_svn. The name is deliberately ambiguous, because it
registers itself as both an authn and authz hook with apache. It
performs authn by checking the basic-auth-creds against a central CEE
database, and performs authz by checking paths against another
central CEE database.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 12 15:17:02 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.