[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: user names from ssl client certificates with mod_authz_svn

From: Jan <janreise_at_yahoo.de>
Date: 2004-08-16 00:08:28 CEST

Travis,

my problem doesn't seem to be the DN/user name at all but rather
something with the [repos-name:path] section header in my access-file.

Your mention of SVNPath put me on the right track: My configuration
works if I use SVNPath rather than SVNParentPath, _or_ if I omit the
repository name from the section header. I have no idea yet what's
happening here, but I guess I'll get it figured out somehow.

BTW: FakeBasicAuth works fine for me without a password (same as with
DES encrypted "password" string as stated in the Apache docs).

Thanks for your help
Jan

Am 15.08.2004 um 20:32 schrieb Travis P:

>
> On Aug 15, 2004, at 4:59 AM, Jan wrote:
>> auth-file:
>>
>> --- begin ---
>> /O=Test/OU=Test
>> Users/emailAddress=janreise@yahoo.de/L=Test/ST=Test-State/C=DE/
>> CN=jan:
>> --- end ---
>>
>
> You need to supply a password: hashed "password". See FakeBasicAuth
> description on
> http://httpd.apache.org/docs-2.1/mod/mod_ssl.html
>
> It might be easier to get everything working by breaking your problem
> into two parts:
> (1) Try to access a secure page with https
> (2) Try to access Subversion repository with https
>
> In this case, you'd see (1) would have failed, so you'd know the
> problem wasn't related to Subversion stuff.
>
>> access-file:
>>
>> --- begin ---
>> [test-repository:/]
>> '/O=Test/OU=Test
>> Users/emailAddress=janreise@yahoo.de/L=Test/ST=Test-State/C=DE/
>> CN=jan' = rw
>> --- end ---
>
> I don't remember if I had any trouble using names on the left because
> I ended up using groups and that definitely works without any quoting.
> Something like this works for me (I use SVNPath rather than
> SVNParentPath, so your will be different in that respect):
> --- begin ---
> [groups]
> developers = /CN=Joe Smith, /CN=Jane Doe
>
> # Allow Everyone to read the bottom of the tree
> [/]
> * = r
> @developers = rw
>
> # Special permissions for projectA tree
> [/projectA]
> * =
> @developers = rw
> --- end ---
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 16 00:00:09 2004

This is an archived mail posted to the Subversion Users mailing list.