[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: some questions about setting up svn with Apache httpd

From: Stephane Bortzmeyer <bortzmeyer_at_nic.fr>
Date: 2005-05-10 21:37:32 CEST

On Tue, May 10, 2005 at 08:28:30PM +0200,
 Christoph Anton Mitterer <cam@mathematica.scientia.net> wrote
 a message of 63 lines which said:

> My first question: Is the communication already secure (e.g. agains
> man in the middle attack) if I securely transmitt my servers SSL
> certificate to all clients or is it required that the clients
> authenticate themselves with an SSL certificate too (in order to get
> secured and verified communication)?

Define "secure". What do you fear? That the MIM poses as the server or
as a client? SSL can protect both.

> 2nd Question how do I properly set up my apache that it uses https and
> ONLY https for svn

Here is what I do, note the automatic redirection if someone does not
use SSL and uses the port 80:

# Subversion
<VirtualHost 192.134.7.250:80>
ServerName svn.generic-nic.net
Redirect permanent / https://svn.generic-nic.net/
</VirtualHost>

<VirtualHost 192.134.7.250:443>
ServerName svn.generic-nic.net
SSLEnable
...

> 1) "Normal" Password/User Authentication => How would my config files
> look if I'd like to do that?

Here is what I do, in the same <VirtualHost> (I use LDAP but the
general idea is the same):

<Location />
  AuthType Basic
  AuthName "Subversion Repository"
  AuthLDAPURL ldap://ldap.eureg.org/ou=People,dc=eureg,dc=eu?uid?sub?(objectClass=*)
  require valid-user
</Location>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue May 10 21:42:49 2005

This is an archived mail posted to the Subversion Users mailing list.