[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: mod_authz_svn + ssl + certificates doesn't work?

From: Hunkel, Manfred <M.Hunkel_at_t-systems.com>
Date: 2004-03-30 12:15:42 CEST

Hermann,

Basically, ssl etc. do work. We've got a setup where http-access is exclusively via ssl,
with "home-made" CA, with mod_authz_svn, but also with a htpasswd-file. Via htpasswd,
one doesn't create new logins/passwords, but rather names/passwords referred to in your
authz_svn access file. How else would you like Apache to find out about a "valid-user"?

Cheers,
-Manfred

-----Ursprüngliche Nachricht-----
Von: Hermann Voßeler [mailto:hermann.vosseler@baaderbank.de]
Gesendet am: Dienstag, 30. März 2004 11:59
An: users@subversion.tigris.org
Betreff: mod_authz_svn + ssl + certificates doesn't work?

Hello,

first of all -- thanks for Subversion!!!

My apologies if this is a FAQ.
Am I doing something wrong (or is this a known problem)?

I have configured Subversion for acces via Apache and SSL.
I use Certificates for authentication. The Certificates are
signed by a "home made" CA. Works fine this far.

But -- mod_authz_svn seems to be not operative at all.
No access restrictions apply.

At the moment, I add basic auth (via htpasswd file),
the access restrictions defined for mod_authz_svn apply as well.

But I don't want to be forced to set up a htpasswd file and
to manage additional logins and passwords. We plan to integrate
the svn access into a PKI in near future.
I know it is possible to realize access restrictions based on
the DN of the Certificates, but this is rather cumbersome and
not easy to maintain.

-------------------------inside-SSL-virtual-host--------------
SSLVerifyClient require
SSLVerifyDepth 1

<Location /svn/Test>
     DAV svn
     SVNPath /home/svn/Test

         AuthzSVNAccessFile /etc/httpd/conf.d/subversion.access
         SSLRequireSSL
         SSLUserName SSL_CLIENT_S_DN_CN
         SSLOptions +StdEnvVars
# Require valid-user
# AuthType Basic
# AuthName "Subversion"
# AuthUserFile /etc/httpd/conf.d/subversion.user
# SSLOptions +FakeBasicAuth
# satisfy all
</Location>
-------------------------inside-SSL-virtual-host--------------

At the moment I add the statements commented out, the
access rules defined in "subversion.access" are honored.

Btw: I am using ssl_user_module by Martin v. Loewis in order
to avoid "(no author)" in Log messages. Works fine.
Thanks to Martin!

-- 
Hermann Vosseler
---------------------------------------------------------------
Hermann Voßeler
IT/Developement
Baader Wertpapierhandelsbank AG
Weihenstephaner Straße 4
D-85716 Unterschleißheim
eMail: hermann.vosseler@baaderbank.de
Internet: www.baaderbank.de
---------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 30 12:18:51 2004

This is an archived mail posted to the Subversion Users mailing list.