
Re: Accessing SVN repository via Apache and SSL client certificate? Almost there, but something is missing.

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2005-05-13 04:44:41 CEST

You want to use the SSLUserName directive to extract a field from the
client certificate and use it as their username. Usually you just use
the common name field from the certificate. Once you do that, I believe
that mod_authz_svn will recognize the user by the common name and you
can specify their access without having to prompt for another basic auth
username/password.

Christoph Anton Mitterer wrote:

>Uhmm,... I have no idea at all *g*,...
>Currently I've set up the following mod_dav_svn configuration (see
>attachments).
>
>And what I wanted to do now was,... to take away the AuthType Basic
>stuff at all,... and make the whole authorization / authentication thing
>using the SSL client certificates only (Thought a 4096 bit key within
>the certificates should be much better than the passwords from Authtype
>basic ;) ).
>
>But my problem is: If I take the whole AuthType Basic AuthUserFile etc.
>away,... I cannot set up my AuthzSVNAccessFile /srv/svn/access because I
>have to use the "user-names" there, e.g.:
>[myFirstRepos:/]
>user1=rw
>user3=
>user2=r
>
>and so on,.. but how can I integrate information from the certificates
>there? And which one (Name, Serial Number, etc) would be the best (that
>means an information that has been signed by my CA Certificate and is
>thus secured to be unique)?
>
>Thanks and regards,
>cam.

Received on Fri May 13 04:47:46 2005
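
Added example, not part of the original mail: a sketch of an Apache configuration along the lines the reply describes, with client-certificate verification and SSLUserName passing the certificate CN to mod_authz_svn as the user name. The host name, certificate paths, the /svn location and /srv/svn/repos are assumptions; /srv/svn/access is the access file named in the quoted message. A CN is only as unique as the issuing CA's policy makes it, so the CA file should contain only a CA whose issuance you control.

```apache
# Constructed example; host name and file paths are placeholders.
<VirtualHost *:443>
    ServerName svn.example.invalid

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # Only certificates issued by this CA are accepted.
    SSLCACertificateFile  /etc/apache2/ssl/my-ca.crt
    # Refuse the TLS handshake when no valid client certificate is presented.
    SSLVerifyClient require
    # Depth 1: the client certificate must be signed directly by the CA above.
    SSLVerifyDepth 1

    <Location /svn>
        DAV svn
        # Assumed parent directory holding myFirstRepos and other repositories.
        SVNParentPath /srv/svn/repos

        # Never serve this location over plain HTTP.
        SSLRequireSSL

        # Use the subject CN of the verified certificate as the user name.
        # No AuthType Basic / AuthUserFile lines are present.
        SSLUserName SSL_CLIENT_S_DN_CN

        # Path-based rules, keyed by the CN set above.
        AuthzSVNAccessFile /srv/svn/access
    </Location>
</VirtualHost>

# Matching entries in /srv/svn/access then use the certificate CNs
# in place of the Basic-auth names (the CNs below are constructed):
#
#   [myFirstRepos:/]
#   Alice Example = rw
#   Bob Example = r
```

Requesting a path with and without a client certificate confirms both that the handshake is refused without one and that the access-file rules are applied to the CN.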

This is an archived mail posted to the Subversion Users mailing list.
