[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Multiple authentication methods

From: John Stile <johns_at_meyersound.com>
Date: 2006-06-22 02:15:15 CEST

It seems like you should use PAM to use 2 different security methods,
though I'm not sure about some of the details.
The apache config might look like this:
<Location /rogers>
  DAV svn
  SVNPath /opt/ldssvn/svn
  AuthzSVNAccessFile /opt/ldssvn/svn/acls/reposiotry.acl
  SVNIndexXSLT "/apache2-default/svnindex.xsl"
  Require valid-user
  AuthType Basic
  AuthName "Authentication"
  AuthPAM_Enabled on
</Location>

Once PAM is handling authentication, you can stack auth methods. I
think htpasswd files can be parsed by pwfile ( REFERENCE:
http://cpbotha.net/pam_pwdfile.html ), and pam_ldap can authenticat ldap
users.

Your /etc/pam.d/apache2 might look like, but I always have to debug this
part to get it right.
auth sufficient pam_pwdfile.so pwdfile /etc/apache2/access.list
auth required pam_ldap.so no_warn use_first_pass
account sufficient pam_pwdfile.so pwdfile /etc/apache2/access.list
account required pam_ldap.so no_warn use_first_pass

On Wed, 2006-06-21 at 15:50 -0600, Howard Vanfleet wrote:
> I am trying to set up my Subversion server to be able to authenticate users
> first through apaches AuthUserFile method
>
> Example:
> <Location /svn>
> Dav svn
> SVNParentPath /opt/ldssvn/svn
> AuthzSVNAccessFile /etc/apache2/access.list
> Require valid-user
> AuthType Basic
> AuthName "Apache Authentication"
> AuthUserFile /etc/apache2/user.list
> SSLRequireSSL
> </Location>
>
> and if this fails I want it to authenticate using LDAP
>
> Example:
> <Location /svn>
> DAV svn
> SVNParentPath /opt/ldssvn/svn
> AuthType Basic
> AuthName "LDAP Authentication"
>
> AuthLDAPUrl ldaps://<server name and port>/ou=people,o=WWR?cn SSL
>
> AuthLDAPBindDN cn=LDAP-Subversion,ou=NDA,o=WWR
> AuthLDAPBindPassword subversion
>
> AuthzLDAPAuthoritative off
> AuthBasicProvider ldap
> require valid-user
>
> AuthzSVNAccessFile /etc/apache2/access.list
> SSLRequireSSL
> </Location>
>
> Dose anyone have an example of how to set up the subversion.conf file to allow
> this scenario?
>
> thanks,
> Howard
>
> ------------------------------------------------------------------------------
>
>
> NOTICE: This email message is for the sole use of the
> intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> ------------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 22 02:18:59 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.