[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AW: mod_authz_svn + ssl + certificates doesn't work?

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-03-30 15:17:13 CEST

Hunkel, Manfred wrote:
> ad (1): Correct. Using basic authentication, you must have a htpasswd-file.


> ad (2): Anybody else reading this? Correct me if I'm mistaken here, but
> the mechanism of authz_svn always requires a username (possibly a member of
> a group as defined in its access file), no matter how this name is being obtained.
> In other words: No username, no authorisation check via authz_svn.

Correct. This is a flaw in apache2.0's design, and is corrected in

> What you're looking for is a piece of magic that, given a certificate, pulls an associated
> username out of its hat in order to enable authorisation. Correct?

Hermann: I think what you want is the +FakeBasicAuth option for SSL
certificates. Read all about it in the apache docs. After a client
certificate is verified, a Basic Auth header is "added" the request
which contains the cert's DN. That allows authorization modules to
work. It means you need to write your access file using DNs.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 30 15:18:23 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.