[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mod_authz_svn + ssl + certificates doesn't work?

From: Hermann Voßeler <hermann.vosseler_at_baaderbank.de>
Date: 2004-03-30 13:35:35 CEST

Hunkel, Manfred wrote:
> Exactly my point:
> authz_svn must be passed a user name, no matter how authentication is achieved.
> What's the content of your access file, then? There _are_ names in there, right?
>
Exactly. *When* I use a access file, then there are names and PWs in
there. And in this case, there is no enforced correlation to the CN or
DN of the Certificate. And acces control is based /solely/ on the name
retrieved by basic auth via access file (ist that right?)

But -- I pointed this out before -- we want to aviod using a acess file.
We plan to integrate with a PKI. The useres will have USB-dongles with
their Certificates, that's all.

And this is the problem:
1) If I use "require valid user", then it seems I am forced to have
    a htpasswd file and additional names/PWs in it and acess control
    is based on this names *solely*
2) If I remove "require valid user" and retain only
    "SSLVerifyClient require", then authz_svn doesn't impose any
    access restrictions. It seems simply to ignore everything and
    grant full RW access to everyone (who, of course, has a valid
    certificate).
    My impression is, that at least this module should *refuse*
    access for everyone because it can not derive any valid userid
    to base acces on. Or am I wrong?

Cheers,
  Hermann

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 30 13:36:19 2004

This is an archived mail posted to the Subversion Users mailing list.