[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN+SSL+AuthzSVNAccess question

From: Kevin Bentley <kevin.bentley_at_gmail.com>
Date: 2005-03-18 17:35:58 CET

On Fri, 18 Mar 2005 08:18:58 +0100, Svein E. Seldal
<svein@dev.seldal.com> wrote:
> test.auth:
> -------------
> /C=NO/ST=Sor-Trondelag/O=TEST/CN=Svein
> Seldal/emailAddress=svein@somewhere:xxj31ZMTZzkVA
> (All in one line)
> test.policy:
> ---------------
> [test:/]
> * = r
> Svein Seldal = rw

Unfortunately, the username is the full context of the certificate:

" /C=NO/ST=Sor-Trondelag/O=TEST/CN=Svein

So you need to change your AuthzSVNAccessFile file. The other problem
is that Subversion can't parse this name correctly because it has an =
sign in it. A solution someone told me about is to create a group with
the certificate username in it, then use that group to assign
permissions. That will work around the = problem. Of course your
change logs will have the full certificate subject as the author.

I proposed a change to mod_ssl to allow the SSLUserName option to be
used with Subversion. That way you can specify which part of the
certificate to use as the username (such as the full name, or email
address). They made this change, and hopefully it will be in the next
release of apache. The bugzilla issue is

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Mar 18 17:38:32 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.