Stephane Bortzmeyer wrote:
>>My first question: Is the communication already secure (e.g. agains
>>man in the middle attack) if I securely transmitt my servers SSL
>>certificate to all clients or is it required that the clients
>>authenticate themselves with an SSL certificate too (in order to get
>>secured and verified communication)?
>Define "secure". What do you fear? That the MIM poses as the server or
>as a client? SSL can protect both.
I need both. I need the same security that I'd get when encrypting and
signing emails e.g. with GnuPG.
I get encryption to hide my data from others, and verification (my
message is signed with my key, thus I can check if the data has been
modified by others).
>>2nd Question how do I properly set up my apache that it uses https and
>>ONLY https for svn
>Here is what I do, note the automatic redirection if someone does not
>use SSL and uses the port 80:
Good idea :-)
>Redirect permanent / https://svn.generic-nic.net/
In the meantime I found some other information including the following
AuthName "Subversion repository"
First of all? Why is the <location> element within the <VirtualHost>?
And how do I properly all this SSL* directives? Should I place them
Afaik SSLRequireSSL means that a connection has to be SSL encoded. I
think I don't need the Satisfy directive but I don't completely
understand the first 4 SSL-directives.
>>1) "Normal" Password/User Authentication => How would my config files
>>look if I'd like to do that?
>Here is what I do, in the same <VirtualHost> (I use LDAP but the
>general idea is the same):
> AuthType Basic
> AuthName "Subversion Repository"
> AuthLDAPURL ldap://ldap.eureg.org/ou=People,dc=eureg,dc=eu?uid?sub?(objectClass=*)
> require valid-user
btw: Thanx for your help :)
Received on Tue May 10 22:07:41 2005