On Fri, 18 Mar 2005 08:18:58 +0100, Svein E. Seldal
<svein@dev.seldal.com> wrote:
> test.auth:
> -------------
> /C=NO/ST=Sor-Trondelag/O=TEST/CN=Svein
> Seldal/emailAddress=svein@somewhere:xxj31ZMTZzkVA
>
> (All in one line)
>
> test.policy:
> ---------------
> [test:/]
> * = r
> Svein Seldal = rw
Unfortunately, the username is the full context of the certificate:
" /C=NO/ST=Sor-Trondelag/O=TEST/CN=Svein
Seldal/emailAddress=svein@somewhere:xxj31ZMTZzkVA"
So you need to change your AuthzSVNAccessFile file. The other problem
is that Subversion can't parse this name correctly because it has an =
sign in it. A solution someone told me about is to create a group with
the certificate username in it, then use that group to assign
permissions. That will work around the = problem. Of course your
change logs will have the full certificate subject as the author.
I proposed a change to mod_ssl to allow the SSLUserName option to be
used with Subversion. That way you can specify which part of the
certificate to use as the username (such as the full name, or email
address). They made this change, and hopefully it will be in the next
release of apache. The bugzilla issue is
http://issues.apache.org/bugzilla/show_bug.cgi?id=31418
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Mar 18 17:38:32 2005