[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthzSVNAccessFile without AuthUserFile?

From: Nick Thompson <nickthompson_at_agere.com>
Date: 2006-02-28 11:29:03 CET

D'oh

mod_auth_kerb asks for password for user nickthompson (in my example),
but authenticates the user nickthompson@EXAMPLE.COM. So this works...

--------------------------------------------------------
# doesn't works with true basic, but does work with kerberos
[groups]
all = nickthompson@EXAMPLE.COM

[/]
@all = rw
--------------------------------------------------------

Well, hey, maybe somebody who want's to also set up windows DC
authentication will find something useful here :-)

Nick.

On Tuesday 28 February 2006 10:12, Nick Thompson wrote:
> Hi,
>
> apache 2.0.55, SVN 1.3.0, mod_auth_kerb-5.0-rc6
>
> I've been trying to get windows authentication going on a Linux
> server, with a little success. I have installed mod-auth-kerb and
> it authenticates nicely using basic authentication, but using a
> windows DC to verifiy the passwords. However, now I'm trying to
> control access to the repos with and authz file. With true basic
> authentication I have this:
>
> <Location /svn>
> DAV svn
> SVNParentPath /svn
> SVNListParentPath on
> SetOutputFilter DEFLATE
> AuthzSVNAccessFile /etc/svn-authz-file
>
> AuthType Basic
> AuthName "MTD DSP Software Subversion Repository"
> AuthUserFile /etc/svn-auth-file
>
> Require valid-user
> </Location>
>
> The Authz file then seems to work as expected. For Kerberos I have
> the following:
>
> <Location /svn>
> DAV svn
> SVNParentPath /svn
> SVNListParentPath on
> SetOutputFilter DEFLATE
> AuthzSVNAccessFile /etc/svn-authz-file
>
> AuthType Kerberos
> AuthName "MTD DSP Software Subversion Repository"
> KrbAuthRealms EXAMPLE.COM
> Krb5Keytab /opt/httpd/2.0.55/conf/server.keytab
> KrbMethodK5Passwd on
> KrbMethodK4Passwd off
> KrbVerifyKDC off
>
> Require valid-user
> </Location>
>
> Now, the Authz module seems not to know the username. So *
> wildcards for anonymous access are working in the Authz file, but
> not groups or individual users.
>
> The authentication works fine. If I have [/] * = rw, I can read and
> write all the repos correectly. It's only per-path permissions that
> seem to be messed up.
>
> Fallen at the last hurdle :-( Am I on to a loser here?
>
> --------------------------------------------------------
> # works with true basic, but not kerberos
> [groups]
> all = nickthompson
>
> [/]
> @all = rw
> --------------------------------------------------------
>
> Regards,

-- 
> Nick Thompson
> Agere Systems Ltd
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Feb 28 11:40:19 2006

This is an archived mail posted to the Subversion Users mailing list.