[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache 2.2 + Mod_Authnz_External + Subversion AuthUserFile

From: Frank Gruman <fgatwork_at_verizon.net>
Date: 2006-05-17 01:08:23 CEST

Hi all,

I am looking at moving my Apache server to 2.2 to keep up with some of
our other web servers on other products. One of the big reasons for
this is the massive change in authentication/authorization, and our
administration process tries to keep things as close in version as
possible (we have products getting ready to roll out the door on 2.2).
I have looked, and cannot find a working PAM module that takes care of
what I had in 2.0.x. So I am looking at and testing
mod_authnz_external. This links to my PAM configuration. My users all
authenticate to an Active Directory structure, and for various other
reasons I have had to implement Winbind/PAM rather than LDAP.

So the problem - I can get the external authorization to work, but the
system seems to ignore the AuthzSVNAccessFile for path browsing. There
are no errors reported. It's as if the system is just ignoring my svn
access file. Basically - anyone who can authenticate (3000+ employees
of the company) could access the repository because it is not adhering
to the rules in the auth file. The file is readable by the apache user

I have attached a copy of my Apache configuration and auth file.

Any help would be appreciated.


<Location /code>
  DAV svn
  SVNParentPath /code_repos
  SVNIndexXSLT /svnindex.xsl
  SVNListParentPath on
  AuthType Basic
  AuthBasicProvider external
  AuthExternal pwauth
  AuthName "Micros Code Repository"
  AuthzSVNAccessFile /code_repos/access.list
  satisfy all
  require valid-user


sysadmin = fgruman
myreposdevs = empty
myreposmgr = empty
myreposadmin = empty

@myreposdevs = rw
@myreposmgr = rw
@myreposadmin = rw

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed May 17 01:09:31 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.