Hello folks,
I'm having a problem with what should be a simple task, I think. I've
got a Subversion server using the SSPI authentication against my
domain. That works perfectly and is very cool. Just recently, I've
needed to add a lot more hook scripts. In the past, my scripts have
all operated only on individual transactions. One of my new scripts
actually needs to access the repos itself. It gets a 403 Forbidden
error, because it's not using a domain account.
I decided the best way to solve that would be to allow 127.0.0.1
unrestricted access to the repos, which should, in theory, prevent the
script from getting rejected. Well, that doesn't seem to be the case.
Here is what I've done:
<Location /repos>
*Order deny,allow
*Deny from All
DAV svn
SVNParentPath "F:/svn/"
AuthName "Subversion Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain SOLEKAI
SSPIOfferBasic On
AuthzSVNAccessFile "C:/Program Files/Subversion/auth.conf"
Require valid-user
*Allow from 127.0.0.1
*Satisfy Any
</Location>
The lines with a star are the lines I added to allow localhost access.
Now, this config doesn't break the domain access: everything works
exactly as it did before, including no localhost access. I'm sure
someone will ask, so yes: I did restart the Apache service.
Here are the log messages from when the script runs and is rejected:
access_log:
gamera.dm.solekai.com - "" [20/Apr/2006:08:02:10 -0700] "PROPFIND
/repos/newtrex HTTP/1.1" 403 335
error_log:
[Thu Apr 20 08:02:10 2006] [error] [client 127.0.0.1] Access denied:
'' PROPFIND newtrex:/
Is there something obvious I'm missing, here?
Thanks,
-- gilrain
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 20 17:21:36 2006