[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN+SSL+AuthzSVNAccess question

From: Svein E. Seldal <svein_at_dev.seldal.com>
Date: 2005-03-18 08:18:58 CET

Hi all,

I'm trying to setup a svn rep. with apache2 using required user certificates.
These certificates should decide if a user get access or not based on the
AuthzSVNAccess file. But I cannot get it to work. My certificates and the
apache config is correct, but the svn config isnt going where I want. Can
someone please guide me?

The complete config is listed below.

The apache SSL fake basic auth feature makes it possible to list the allowed
users in the "AuthUserFile" file. The username in this file is the complete
subject of the certificate (i.e. "/C=xx/ST=xx/O=x/CN=xx" etc)
with or without any spaces.

- What will the username that svn is using be? ...In the AuthzSVNAccess
file that is?

If the mod_ssl option "SSLUserName" is set to "SSL_CLIENT_S_DN_CN" and its
working for svn, I would guess that the username will be the CN part of the
certificate. This will for my case lead to spaces in the username. So:

- Can I have spaces in the usernames in the AuthzSVNAccess file? How?

My config allows me to check out, but not check in. If I remove the "* = r" in
the access file, it works (with the certificates and all). But then I dont
have any access control...

Have anyone else experience with this?

Regards,
Svein Seldal

Server:
Apache/2.0.53 (Debian GNU/Linux) DAV/2 SVN/1.1.3 PHP/4.3.10-9 mod_ssl/2.0.53
OpenSSL/0.9.7e Server at sveinse.foobar Port 443

apache configuration:
------------------------------
        <Location /svn>
                DAV svn
                SVNParentPath /home/sveinse/local/var/svn

                # our access control policy
                AuthzSVNAccessFile /home/sveinse/local/var/svn/test.policy

                # only authenticated users may access the repository
                Require valid-user

                # how to authenticate a user
                SSLOptions +FakeBasicAuth
                SSLUserName SSL_CLIENT_S_DN_CN
                AuthType Basic
                AuthName "Test subversion repository"
                AuthUserFile /home/sveinse/local/var/svn/test.auth
        </Location>

test.auth:
-------------
/C=NO/ST=Sor-Trondelag/O=TEST/CN=Svein
Seldal/emailAddress=svein@somewhere:xxj31ZMTZzkVA

(All in one line)

test.policy:
---------------
[test:/]
* = r
Svein Seldal = rw

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Mar 18 08:21:49 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.