Stefan Küng wrote:
> You have to differ between authentication and authorization.
>
> The username/password or SSPI (single-sign-on) is for authentication
> only. But then, if the authenticated user (e.g. the user "guest")
> doesn't have the authorization to access a specific directory in the
> repository, the whole operation fails.
> It's the same as if you would enter a username/password for a user who
> only has read access to a repository while you're trying to commit.
>
> And since the authorization is done in neon, but the authentication
> later is done on the server (apache), you can't just prompt for
> username/password - because the operation already failed.
>
> btw: this has nothing to do with SSPI, it also happens with basic auth.
> * Set up a user with read-only access
> * try a commit
> * enter username/password of the readonly user
> * operation fails
Ah. Super.
Thanks for the explanation.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Wed Jan 11 23:02:23 2006