[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories

From: Thomas Åkesson <thomas.akesson_at_simonsoft.se>
Date: Wed, 16 Jan 2013 21:07:47 +0100

On 16 jan 2013, at 20:44, C. Michael Pilato wrote:

> On 01/16/2013 02:27 PM, Thomas Åkesson wrote:
>>
>> On 16 jan 2013, at 20:15, C. Michael Pilato wrote:
>>
>>> On 01/16/2013 01:54 PM, Thomas Åkesson wrote:
>>>> Hi Ivan,
>>>>
>>>> I committed to drafting some change notes for this change quite some time
>>>> ago.
>>>>
>>>> - Below is a draft of a section to include in Release Notes. I suggest
>>>> just after "In repository authz". - Patch contains line for CHANGES -
>>>> Patch contains clarification and new example for mod_authz_svn INSTALL
>>>> file.
>>>>
>>>> Hope I got the patch right.
>>>
>>> Thanks, Thomas. I like the release notes, and will incorporate them in just
>>> a few minutes.
>>
>> Good.
>
> Actually, I have a quick question for you. Your release notes say:
>
> {{{
> The access to "Collection of Repositories" is not restricted by
> mod_authz_svn. In order to require authentication on this location, the
> location should have "Satisfy All" (default). See examples in INSTALL for
> mod_authz_svn for additional details.
> }}}

Hmm, yes... complicated.

>
> I *think* I understood what meant in calling out that this is "not
> restricted by mod_authz_svn",

Since Subversion 1.7, mod_authz_svn always returns OK for CoR, regardless what's in the authz file. Before 1.6 it was possible to control access to CoR with [/] section.

So, if the CoR should not be anonymously accessible, we must do Satisfy All + Require valid-user.

> and wordsmithed that section to read like this
> instead:
>
> {{{
> NOTE: Access to "Collection of Repositories" is not restricted by
> mod_authz_svn, but is instead managed by mod_dav_svn itself. In order to
> require authentication on this location, the location should have "Satisfy
> All" (which is the default value of this directive). See examples in
> mod_authz_svn's INSTALL document for additional details.
> }}
>
> Is this still accurate?

I think you have improved this complicated piece.

> but is instead managed by mod_dav_svn itself

Is it technically managed by mod_dav_svn? Or is it... Apache core? Probably doesn't matter.

Btw, I tried to convey the difficulty of combining Anonymous and authenticated access (you wrote about that long ago) in the Note under Example 2. Hope you find that description accurate.

/Thomas Å.
Received on 2013-01-16 21:08:28 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.