RE: [Warning: External Sender. Domain Possibly Forged] svn + apache + ssl
If the bot thinks I am an external sender, then what URL do I send to so it doesn't think this? I have registered and gotten a confirmation "WELCOME to firstname.lastname@example.org" message. I am sending to email@example.com. Is this wrong?
From: Van Echaute, Peter
Sent: Wednesday, December 22, 2004 1:43 PM
Subject: [Warning: External Sender. Domain Possibly Forged] svn + apache + ssl
I hope your all having a good holiday season so far. I'm attempting to setup a SVN server. My machine is RHEL 3 using Apache 2.0.52, mod_ssl 2.0.52, OpenSSL 0.9.7a, DAV 2, and SVN 1.1.1. What I would like to accomplish is svn access through Apache and being authenticated using a single SSL x509 cert. I have a group of local accounts that are chroot jailed, so straight svn access isn't something I can do (ex: svn co svn://ip/svn/repo). So what I forsee is access through Apache which doesn't go through the local accounts (ex: svn co https://ip/svn/repo). I understand that during the checkout, that it stores user credentials. My problem is that I can 'co' just fine, but I can't edit and then commit. Here is the command I used to create the working copy...
svn co --username testaccount --password testaccount https://192.168.1.254/svn/design
I created an account called 'testaccount'. Here is the config portions that are relavent...
# our access control policy
# try anonymous access first, resort to real
# authentication if necessary.
# how to authenticate a user
AuthName "Subversion repository"
NOTE: The AuthUserFile directive above and the password-db are two different files but httpdxxx is htpasswd encrypted and the svn-authxxx is plain text. Both containing the same info though.
password-db = /usr/local/subversion/svn-auth-users-pw
realm = Design Engineering
# anonymous users aren't allowed
anon-access = none
# authenticated users can both read and write
auth-access = write
the svnserver is run as svn...
svn 32481 0.0 0.0 4936 940 ? S Dec21 0:00 /usr/local/bin/svnserve.orig -d -T -r /usr/local/subversion/repositories
I created the repo as such...
svnadmin create /usr/local/subversion/repositories/design
chown -R svn:svn *
chmod 775 design
chmod -R g=u design
/usr/local/bin/htpasswd -m /usr/local/subversion/httpd-svn-auth-users-pw testaccount
everyone = testaccount
testaccount-host = 192.168.1.23
@everyone = rw
ssl-client-cert-file = /usr/local/conf/ssl.users/sslusers.p12
ssl-client-cert-password = blah
I have created three sets of SSL certs (CA, Server, Client)...
ca.csr ca.key server.csr server.key sslusers.csr sslusers.key
ca.crt server.crt sslusers.crt
I'm not sure what else to add here, but here is my problem...
svn co -username testaccount -password testaccount https://192.168.1.254/svn/design
svn commit -m "testing." --username testaccount --password testaccount
Authentication realm: https:// 192.168.1.254:443
Client certificate filename: /home/testaccount/sslusers.p12
Passphrase for '/home/testaccount/sslusers.p12':
Transmitting file data .svn: Commit failed (details follow):
svn: PUT of '/svn/design/!svn/wrk/93cedd7b-d8eb-0310-b2c4-90868bc6e483/freebios2/targets/nvidia/nforce4/Config.lb': 403 Forbidden (https:// 192.168.1.254)
Any help is greatly appreciated. Happy Holidays.
Received on Wed Dec 22 22:32:26 2004
This is an archived mail posted to the Subversion Users