Re: Active Directory authentication for Subversion

From: Dominic Anello <danello_at_danky.com>
Date: 2004-05-01 18:58:48 CEST

On 2004-05-01 14:30:17 +1000, Daniel F Garcia wrote:
> Thank you, thank you this worked really well. Also I replace your
> Limitexcept block with
>
> <LimitExcept GET>
> Require valid-user
> </LimitExcept>
>
> And now web browsing doesn't require authentication, but everything else
> does.
----8<----

Glad it worked. <LimitExcept MERGE> is required if you have something
like this in your AuthzSVN config file:
-------------------------
[/]
fred = r

[/foo]
fred = rw

[/bar]
fred = rw
-------------------------

Then if user fred tries to do something like:
$ svn cp http://server/svn/foo/baz http://server/svn/bar/baz -m "test"

He will get access denied by authz because svn sends a MERGE to the
common parent of /foo and /bar. The <LimitExcept> prevents MERGE
requests from being checked. I don't know if it has any security side
effects, but my repo is on an intranet anyway, so I'm not too concerned
about users hand-crafting malicious MERGE requests.

--
Current soundtrack: 'Kimya Dawson - My Cute Friend Sweet Princess - 6 -
The Beer'

application/pgp-signature attachment: stored

Received on Sat May 1 18:58:08 2004

This message: [ Message body ]
Next message: Branko Čibej: "Re: Windows hooks"
Previous message: Jack Ivey: "RE: svnadmin hotcopy problem with strings > 2G"
In reply to: Daniel F Garcia: "RE: Active Directory authentication for Subversion"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]