[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: newbie vs access control

From: Seth Falcon <sfalcon_at_fhcrc.org>
Date: 2004-05-05 20:26:04 CEST

On Wed, May 05, 2004 at 06:49:30PM +0100, Robin Becker wrote:
> First off I don't really understand example 6.3. Is it authz_svn_module &
> AuthzSVNAccessFile that triggers a username request? Can I also require
> that a valid group be obtained? Are the group names from my AuthGroupFile
> usable inside AuthzSVNAccessFile?

My understanding is that:

- Authentication can be handled either by authz_svn or any Apache module
  that can "fake" BasicAuth.

- Access control is handled by authz_svn. Groups are defined in the
  AuthzSVNAccessFile and BasicAuth groups do not get used. The
  AuthzSVNAccessFile can define default access policies.

> Secondly is there any way to control access within a repository using
> apache Location & Rewrite?

No, that's what authz_svn is for. On the surface, using Location and
LocationMatch directives with Apache auth will appear to work, but it
won't be secure. The reason, IIRC, is that svn uses mangled URLs to do
the WEBDAV stuff and those URLs won't match your Location directives.
Otherwise, there wouldn't really be a point of the authzsvn module ;-)

+ seth

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 5 20:26:47 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.