On Aug 12, 2005, at 7:15 AM, Branko Čibej wrote:
>>
>> It's possible the different behaviour is due to a different auth
>> setup
>> between the tsvn server and my server. I used httpd to require
>> read/write auth for all access, tsvn uses mod_auth_svn and probably
>> allows read-only access as well as read/write access.
>>
>>
> D'you know, I think you're right! The damn mod_authz_svn takes it
> upon itself to return HTTP_UNAUTHORIZED in the auth_checker hook,
> even though it's thecking authorization, not authentication. I
> think this is a bug in mod_authz_svn. It should be returning
> HTTP_FORBIDDEN (as in the access_checker hook), and probably
> shouldn't provide an auth checker at all.
CEE (tigris.org) doesn't use mod_authz_svn, but a proprietary module
called mod_auth_svn. The name is deliberately ambiguous, because it
registers itself as both an authn and authz hook with apache. It
performs authn by checking the basic-auth-creds against a central CEE
database, and performs authz by checking paths against another
central CEE database.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 12 15:17:02 2005