[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: newbie vs access control

From: Robin Becker <robin_at_reportlab.com>
Date: 2004-05-05 20:23:40 CEST

Scott Lawrence wrote:
> On Wed, 2004-05-05 at 13:49, Robin Becker wrote:
>
......
> My understanding is that those are two different things -
> authz_svn_module & AuthzSVNAccessFile are access control _inside_ svn
> itself.
>

The example seems to imply something else eg
"In this setup, all users start out accessing the repository anonymously. If
your access control policy demands a real username at any point,Apache will
demand authentication from the client. To do this, you use both the Satisfy Any
and Require valid-user directives together."

<Location /repos>
        DAV svn
        SVNParentPath /usr/local/svn
        # our access control policy
        AuthzSVNAccessFile /path/to/access/file
        # try anonymous access first, resort to real
        # authentication if necessary.
        Satisfy Any
        Require valid-user
        # how to authenticate a user
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /path/to/users/file
</Location>

My understanding was that Require valid-user is skipped initially and then
mod_dav_svn eventually needs a user name presumably because of the
AuthzSVNAccessFile specification. Then a valid user is requested. I'll have to
exeperiment to test if that's not the case.

> AuthGroupFile is implemented in mod_access in Apache.
>
>
>>Secondly is there any way to control access within a repository using apache
>>Location & Rewrite?
>
>
> Yes, I do all the access control in apache using http authentication.
> This means that the only (write) access to the repository has to be
> through http - no svnserve, no file access (we actually do some
> read-only access on the server itself through file access, but _never_
> write access). I'd be happy to post examples...
>

That would be great; my understanding of Rewrite is poor. I have a suspicion
that RewriteBase is involved in the sort of things I might need to do. 

-- 
Robin Becker
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 5 20:24:10 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.