[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

user names from ssl client certificates with mod_authz_svn

From: Jan <janreise_at_yahoo.de>
Date: 2004-08-15 11:59:22 CEST

I have a problem setting up mod_authz_svn in combination with ssl
client certificates:

I'm trying to access a repository at a URL
https://my.server.org:443/svn/test-repository from a Mozilla Firefox
browser.

This works just fine as long as I don't use mod_authz_svn, i.e. as long
as I comment out the line
    'AuthzSVNAccessFile /etc/apache/svn-access/access-file'
from my dav_svn.conf.

As soon as I comment it in, I get an 'Access denied' error.

Could it be that mod_authz_svn does not recognize the user name format
used in ssl distinguished names? Or am I simply messing up the syntax?

I have added log and configuration files below.

Thanks in advance for any pointers
Jan

---
Apache log:
[Sun Aug 15 11:30:17 2004] [info] Connection to child 0 established  
(server my.server.org:443, client 211.7.133.102)
[Sun Aug 15 11:30:17 2004] [info] Seeding PRNG with 512 bytes of entropy
[Sun Aug 15 11:30:19 2004] [info] Initial (No.1) HTTPS request received  
for child 0 (server my.server.org:443)
[Sun Aug 15 11:30:19 2004] [info] Requesting connection re-negotiation
[Sun Aug 15 11:30:19 2004] [info] Awaiting re-negotiation handshake
[Sun Aug 15 11:30:21 2004] [info] Faking HTTP Basic Auth header:  
"Authorization: Basic  
L089ajd8snfklx0DJNv9dlsncc2lvbiBVc2Vycy9lbWXi8asd9DHJ873NjskdjfVpc2VAeWF 
ob28uZGUvTD1LaWVsL1NUPVNjaGxlc3dpZy1Ib2xzdGVpbi9DPURFL0NOPWpyZWlzZTpwYXN 
zd29yZA"
[Sun Aug 15 11:30:21 2004] [error] [client 211.7.133.102] Access  
denied: '/O=Test/OU=Test  
Users/emailAddress=janreise@yahoo.de/L=Test/ST=Test-State/C=DE/CN=jan'  
GET /
dav_svn.conf:
--- begin ---
<Location /svn>
   SSLRequireSSL
   DAV svn
   SVNParentPath /var/subversion
   SSLVerifyClient require
   SSLVerifyDepth 1
   SSLCACertificatePath    /etc/apache/private
   SSLCACertificateFile    /etc/apache/private/rootcert.pem
   SSLOptions +FakeBasicAuth
   Require valid-user
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/apache/svn-access/auth-file
	
   AuthzSVNAccessFile /etc/apache/svn-access/access-file
</Location>
--- end ---
auth-file:
--- begin ---
/O=Test/OU=Test  
Users/emailAddress=janreise@yahoo.de/L=Test/ST=Test-State/C=DE/CN=jan:
--- end ---
access-file:
--- begin ---
[test-repository:/]
'/O=Test/OU=Test  
Users/emailAddress=janreise@yahoo.de/L=Test/ST=Test-State/C=DE/CN=jan'  
= rw
--- end
note: I've already tried the user name without quotes, with single  
quotes ('), and with double quotes (").
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Aug 15 16:02:40 2004

This is an archived mail posted to the Subversion Users mailing list.