[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN+apache: different auth per repo NOT using AuthzSVNAccessFile?

From: Chris Shenton <Chris.Shenton_at_hq.nasa.gov>
Date: 2005-08-01 22:10:13 CEST

I've currently got a few SVN repos fronted by Apache. Initially they
authenticated against the same file, per Apache:

 <Location /svn>
  DAV svn
  SVNParentPath /data1/svn
  AuthType Basic
  AuthName "Subversion code repository on Osiris"
  AuthUserFile /usr/local/apache2/conf/htpasswd-svn
  <LimitExcept GET PROPFIND OPTIONS REPORT>
   Require valid-user
  </LimitExcept>
 </Location>

Now I want to use different auth (or access control) per each
repository. I can NOT just create new sections with their own htpasswd
file like:

 <Location /svn/repo1>
   AuthUserFile /usr/local/apach2/conf/htpasswd-repo1
 </Location>
 <Location /svn/repo2>
   AuthUserFile /usr/local/apach2/conf/htpasswd-repo2
 </Location>

because they're subdirs and the top-level Location hides them.

The Subversion book shows me how to do this with AuthzSVNAccessFile:

  http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2

And I can implement this like:

 <Location /svn>
  DAV svn
  SVNParentPath /data1/svn
  AuthzSVNAccessFile /usr/local/apache2/conf/AuthzSVNAccessFile
  Satisfy Any
  Require valid-user
  AuthType Basic
  AuthName "Subversion code repository on Osiris"
  AuthUserFile /usr/local/apache2/conf/htpasswd-svn
 </Location>

The htpasswd-svn file does the authentication, then the
AuthzSVNAccessFile does the authorization, like:

  [/]
  *=r

  [repo1:/]
  fred, barny, astro=rw

  [repo2:/]
  wilma, betty, tralfaz=rw

My problem is that I'm using Trac

  http://www.edgewall.com/trac/

and it doesn't know anything about this AuthzSVNAccessFile so I can't
do repo-oriented access using the files I've created for SVN.

I could setup an Apache "group" file have each Trac instance require
the right group, but then I have to coordinate those groups with the
ones I implicately defined in AuthzSVNAccessFile -- which of course
will get out of sync.

Is there a way to config SVN, using SVNParentPath, to use per-repo
AuthUserFile's or specify per-repo Apache "group" files?

Any other suggestions for using the same user/group files for
different repos, to make it play nice with Trac?

Thanks.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 1 22:11:59 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.