[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

mod_auth_sspi + AuthzSVNAccessFile combo is broken

From: Ramakrishna B. Shenai <RShenai_at_facetime.com>
Date: 2004-07-08 04:34:34 CEST

My setup is as follows

Subversion 1.0.5 (Win32 exe)
Apache 2.0.50 (without SSL)
Win2K Professiona with SP4

Using mod_auth_sspi obtained from http://tortoisesvn.tigris.org/mod_auth_sspi.zip seems to pass the authenticated user in the form \\<domain>\<userid> to the mod_authz_svn. I have been unable to figure out how to setup the AuthzSVNAccessFile to recognize userids in this form.

However a version of mod_auth_sspi at http://www.deadbeef.com/software/sspi.html that is patched to offer a new directive called SSPIOmitDomain. Using this directive strips the domain name and now mod_authz_svn work as I expect it to.

Using the conf files given below I am now able to use SVN that way I want to:
- Avoid usage of .htacesss
- Ability to classify users in group based on their roles/responsibilities
- Multiple depots/repositories

Am I missing something very basic here or is there a problem with mod_authz_svn.

Thanks

Ramakrishna

==================== My conf files ===============
My svn.conf file looks like: (I am using the SVNParentPath directive so that I can have multiple depots/repositories being served by SVN)

<Location /svn>
   DAV svn
   SVNParentPath g:/repos

        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        SSPIDomain pdchost
        SSPIOfferBasic On
        SSPIOmitDomain On
      AuthName "SVN Realm"
        AuthzSVNAccessFile g:/repos/svnaccess.conf
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>
</Location>

My svnaccess.conf file looks:

[groups]
developers = dev1,dev2,dev3
docs = doc1
#to allow everyone read access
[PRODUCT1:/]
* = r
#allow all developers complete access
@developers = rw
#give the doc people write access to the docs folder
[PRODUCT1:/docs]
@docs = rw

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 8 04:41:52 2004

This is an archived mail posted to the Subversion Users mailing list.