[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

mod_authz_svn + ssl + certificates doesn't work?

From: Hermann Voßeler <hermann.vosseler_at_baaderbank.de>
Date: 2004-03-30 11:59:04 CEST


first of all -- thanks for Subversion!!!

My apologies if this is a FAQ.
Am I doing something wrong (or is this a known problem)?

I have configured Subversion for acces via Apache and SSL.
I use Certificates for authentication. The Certificates are
signed by a "home made" CA. Works fine this far.

But -- mod_authz_svn seems to be not operative at all.
No access restrictions apply.

At the moment, I add basic auth (via htpasswd file),
the access restrictions defined for mod_authz_svn apply as well.

But I don't want to be forced to set up a htpasswd file and
to manage additional logins and passwords. We plan to integrate
the svn access into a PKI in near future.
I know it is possible to realize access restrictions based on
the DN of the Certificates, but this is rather cumbersome and
not easy to maintain.

SSLVerifyClient require
SSLVerifyDepth 1

<Location /svn/Test>
     DAV svn
     SVNPath /home/svn/Test

         AuthzSVNAccessFile /etc/httpd/conf.d/subversion.access
         SSLUserName SSL_CLIENT_S_DN_CN
         SSLOptions +StdEnvVars
# Require valid-user
# AuthType Basic
# AuthName "Subversion"
# AuthUserFile /etc/httpd/conf.d/subversion.user
# SSLOptions +FakeBasicAuth
# satisfy all

At the moment I add the statements commented out, the
access rules defined in "subversion.access" are honored.

Btw: I am using ssl_user_module by Martin v. Loewis in order
to avoid "(no author)" in Log messages. Works fine.
Thanks to Martin!

Hermann Vosseler
Hermann Voßeler
Baader Wertpapierhandelsbank AG
Weihenstephaner Straße 4
D-85716 Unterschleißheim
eMail: hermann.vosseler@baaderbank.de
Internet: www.baaderbank.de
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 30 12:00:01 2004

This is an archived mail posted to the Subversion Users mailing list.