Re: newbie vs access control

From: Seth Falcon <sfalcon_at_fhcrc.org>
Date: 2004-05-05 20:26:04 CEST

On Wed, May 05, 2004 at 06:49:30PM +0100, Robin Becker wrote:
> First off I don't really understand example 6.3. Is it authz_svn_module &
> AuthzSVNAccessFile that triggers a username request? Can I also require
> that a valid group be obtained? Are the group names from my AuthGroupFile
> usable inside AuthzSVNAccessFile?

My understanding is that:

- Authentication can be handled either by authz_svn or any Apache module
that can "fake" BasicAuth.

- Access control is handled by authz_svn. Groups are defined in the
AuthzSVNAccessFile and BasicAuth groups do not get used. The
AuthzSVNAccessFile can define default access policies.

> Secondly is there any way to control access within a repository using
> apache Location & Rewrite?

No, that's what authz_svn is for. On the surface, using Location and
LocationMatch directives with Apache auth will appear to work, but it
won't be secure. The reason, IIRC, is that svn uses mangled URLs to do
the WEBDAV stuff and those URLs won't match your Location directives.
Otherwise, there wouldn't really be a point of the authzsvn module ;-)

+ seth

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 5 20:26:47 2004

This message: [ Message body ]
Next message: Robin Becker: "Re: newbie vs access control"
Previous message: Robin Becker: "Re: newbie vs access control"
In reply to: Robin Becker: "newbie vs access control"
Next in thread: Robin Becker: "Re: newbie vs access control"
Reply: Robin Becker: "Re: newbie vs access control"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]