[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

https, AuthzSVNAccessfile and Basic Authen

From: Edward Bosco <ebosco_at_prologic-inc.com>
Date: 2006-05-08 23:29:14 CEST

Have used the same Authz and htpasswd users file for both an http://
access method, which works, and an https:// site, which doesn't.

The goal is implementing path-based authorization using https SSL
protocol, with Basic authentication on an htpasswd-generated users file,
with path-based authorization defined by an AuthzSVNAccess file.

Can't get particular paths to _not_ be accessible under https,
AuthzSVNAccess and Basic authentication. I log into the site once, with
username and password, and am not challenged again.

With svn 1.3.1 on a Windows XP machine, accessing an existing repository
on a Debian Sarge server running 1.3.1-2, I can't keep
a test user from accessing directories or files they ought not to be
able to access.

Using a command line invocation of svn:
C:\Documents and Settings\ebosco>svn ls
--username test --password test --no-auth-cache
I still get a listing of a directory I ought not see; same holds for svn
log, cat or whatever.

My dav_svn.conf file looks like:

<Location /svn2>
  DAV svn
  SVNPath /var/repos/repos/testrepo
  SVNPathAuthz on
  AuthType Basic
  AuthUserFile /etc/apache2/users
  AuthName "Test Repository"
  AuthzSVNAccessFile /etc/apache2/authz
  Require valid-user

My authz file looks like:

reatssdvp = ebosco, kwest
testdvp = test

* = r

* =
ebosco = rw

* =
@reatssdvp = rw

* =
ebosco = rw

* =

ebosco = rw
* =

* =
@reatssdvp = rw

Any thoughts as how to proceed?

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon May 8 23:33:31 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.