
user names from ssl client certificates with mod_authz_svn

From: Jan <janreise_at_yahoo.de>
Date: 2004-08-15 11:59:22 CEST

I have a problem setting up mod_authz_svn in combination with ssl
client certificates:

I'm trying to access a repository at a URL
https://my.server.org:443/svn/test-repository from a Mozilla Firefox

This works just fine as long as I don't use mod_authz_svn, i.e. as long
as I comment out the line
    'AuthzSVNAccessFile /etc/apache/svn-access/access-file'
from my dav_svn.conf.

As soon as I comment it in, I get an 'Access denied' error.

Could it be that mod_authz_svn does not recognize the user name format
used in ssl distinguished names? Or am I simply messing up the syntax?

I have added log and configuration files below.

Thanks in advance for any pointers

Apache log:
[Sun Aug 15 11:30:17 2004] [info] Connection to child 0 established (server my.server.org:443, client
[Sun Aug 15 11:30:17 2004] [info] Seeding PRNG with 512 bytes of entropy
[Sun Aug 15 11:30:19 2004] [info] Initial (No.1) HTTPS request received for child 0 (server my.server.org:443)
[Sun Aug 15 11:30:19 2004] [info] Requesting connection re-negotiation
[Sun Aug 15 11:30:19 2004] [info] Awaiting re-negotiation handshake
[Sun Aug 15 11:30:21 2004] [info] Faking HTTP Basic Auth header: "Authorization: Basic
[Sun Aug 15 11:30:21 2004] [error] [client] Access denied: '/O=Test/OU=Test
--- begin ---
<Location /svn>
   DAV svn
   SVNParentPath /var/subversion
   SSLVerifyClient require
   SSLVerifyDepth 1
   SSLCACertificatePath    /etc/apache/private
   SSLCACertificateFile    /etc/apache/private/rootcert.pem
   SSLOptions +FakeBasicAuth
   Require valid-user
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/apache/svn-access/auth-file
   AuthzSVNAccessFile /etc/apache/svn-access/access-file
</Location>
--- end ---
--- begin ---
--- end ---
--- begin ---
= rw
--- end ---
Note: I've already tried the user name without quotes, with single quotes ('), and with double quotes (").
Received on Sun Aug 15 16:02:40 2004

This is an archived mail posted to the Subversion Users mailing list.