[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Apache and Radius Authentication

From: David Heppenstall <David.Heppenstall_at_rci.rogers.com>
Date: 2006-03-06 17:33:07 CET

I've made some changes to my Location directive and have only found one
attribute which (strangely) affects the behavior of Subversion.

Adding the "Satisfy All|Any" appears to direct if the SVN filesystem XML
generator is launched or not.

For example, if I add "Satisfy All," the hosted repository behaves as if
there were no Authentication directives at all. I am granted access
through the client without being prompted for a username/password.

However, if I add "Satisfy Any," the precise same behavior I described
earlier is observed: when I try to view the url in a web browser, I am
presented with a 404 error after entering a correct username and
password. In the CLI client, I am presented with a 405 error.

The current config w/ change:
><Location /svn>
> DAV svn
> SVNParentPath /opt/svn
> AuthType Basic
> AuthName "RADIUS authentication."
> AuthAuthoritative off
> AuthRadiusAuthoritative on
> AuthRadiusCookieValid 5
> AuthRadiusActive On
    Satisfy Any
> require valid-user
> </Location>

Thanks in advance for any pointers to help solve this problem.

 - Dave

-----Original Message-----
From: David Heppenstall
Sent: Friday, March 03, 2006 1:58 PM
To: users@subversion.tigris.org
Subject: RE: Apache and Radius Authentication

I've created a symbolic link to the subversion root directory inside my
DocumentRoot directory, however now, instead of a 404 error, I get a 401
error - even though I am certain I am entering correct credentials. :|

Any ideas?

 - Dave

-----Original Message-----
From: David Heppenstall
Sent: Friday, March 03, 2006 8:06 AM
To: users@subversion.tigris.org
Subject: RE: Apache and Radius Authentication

I'm running Solaris and have downloaded the binary for Subversion from
www.sunfreeware.com, I've just now checked - but the most recent version
they have (and therefore the one I am running) is not 1.3.0, but 1.2.3.

Should I upgrade?

Will this solve the problem?

Thank you.

 - Dave

-----Original Message-----
From: David Heppenstall
Sent: Thursday, March 02, 2006 4:50 PM
To: Rob van Oostrum; users@subversion.tigris.org
Subject: RE: Apache and Radius Authentication

I get a 403 Forbidden error when I try to look at the root of my SVN
repositories, as I expect. This happens when I try to look directly at
http://<ip>/svnbackdoor/ as well. I can hit a repository directly at
http://<ip>/svnbackdoor/repo/ just fine.

However, I get a 404 Not Found error if I browse to http://<ip>/svn/
(expect a 403) or if I hit a repository directly at
http://<ip>/svn/repo/. I'm asked for my RADIUS login in both cases.

 - Dave

-----Original Message-----
From: Rob van Oostrum [mailto:rob.vanoostrum@blastradius.com]
Sent: Thursday, March 02, 2006 4:36 PM
To: David Heppenstall; users@subversion.tigris.org
Subject: RE: Apache and Radius Authentication

You can't hit the parent path directly without turning that feature on
explicitly (need 1.3.0 for that).

Try hitting a repository under your parent path. Should work.

> -----Original Message-----
> From: David Heppenstall [mailto:David.Heppenstall@rci.rogers.com]
> Sent: Thursday, March 02, 2006 4:31 PM
> To: users@subversion.tigris.org
> Subject: Apache and Radius Authentication
>
> Hello,
>
> I'm having some problems serving Subversion repositories over Apache
in
> conjunction with RADIUS authentication.
>
> I have followed the instructions in Chapter six of the SVN book and
have
> managed to get this working no problem:
> <Location /svnbackdoor>
> DAV svn
> SVNParentPath /opt/svn
> </Location>
>
> In addition, I have added the FreeRadius mod_auth_radius module to
> Apache and have also managed to get this working: <Location
> /securetest>
> AuthType Basic
> AuthName "RADIUS authentication for no reason other than to annoy
> you."
> AuthAuthoritative off
> AuthRadiusAuthoritative on
> AuthRadiusCookieValid 5
> AuthRadiusActive On
> require valid-user
> </Location>
>
> I assumed that just by concatenating these two fully-functioning
> configurations that I would have a working RADIUS-Authenticated
> Subversion url: <Location /svn>
> DAV svn
> SVNParentPath /opt/svn
> AuthType Basic
> AuthName "RADIUS authentication."
> AuthAuthoritative off
> AuthRadiusAuthoritative on
> AuthRadiusCookieValid 5
> AuthRadiusActive On
> require valid-user
> </Location>
>
> As you can see, all I did was put the options together in the same
> <Location> directive. However, when I try to view the url in a web
> browser, I am presented with a 404 error after entering a correct
> username and password. In the CLI client, I get this:
> svn: PROPFIND request failed on '/'
> svn: PROPFIND of '/': 405 Method Not Allowed (http://<ip-removed>) I
> speculate that once RADIUS authentication is completed, the request
is
> interpreted to be a literal filesystem path within DocumentRoot and my

> SVNParentPath instruction is ignored.
>
> The only way I have managed to get *some* of this working is by
setting
> DocumentRoot to "/opt/svn" and the SVN Location directive to "/". What

> happens in this case is that the web browser can view repositories
> perfectly after being authenticated. However, the CLI client returns a

> 301 Moved-Permanently error. I've read in the FAQ that this is an
> expected problem when the SVN location overlaps with the DocumentRoot.

> My DocumentRoot is now set to something completely different
(/var/www/)
> to avoid this problem, however now I'm back to being stuck with the
404
> errors.
>
> I would very much appreciate any pointers, assistance or guidance you
> may have.
>
> Thank you.
>
> - Dave Heppenstall
> david.heppenstall AT rci DOT rogers DOT com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Mar 6 17:39:13 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.