[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Active Directory authentication for Subversion

From: Dominic Anello <danello_at_danky.com>
Date: 2004-05-01 18:58:48 CEST

On 2004-05-01 14:30:17 +1000, Daniel F Garcia wrote:
> Thank you, thank you this worked really well. Also I replace your
> Limitexcept block with
> <LimitExcept GET>
> Require valid-user
> </LimitExcept>
> And now web browsing doesn't require authentication, but everything else
> does.

Glad it worked. <LimitExcept MERGE> is required if you have something
like this in your AuthzSVN config file:
fred = r

fred = rw

fred = rw

Then if user fred tries to do something like:
$ svn cp http://server/svn/foo/baz http://server/svn/bar/baz -m "test"

He will get access denied by authz because svn sends a MERGE to the
common parent of /foo and /bar. The <LimitExcept> prevents MERGE
requests from being checked. I don't know if it has any security side
effects, but my repo is on an intranet anyway, so I'm not too concerned
about users hand-crafting malicious MERGE requests.

Current soundtrack: 'Kimya Dawson - My Cute Friend Sweet Princess - 6 -
The Beer'

  • application/pgp-signature attachment: stored
Received on Sat May 1 18:58:08 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.