I had this same problem as well.
I was running httpd (apache2), with svn 1.3.1 on RHEL 4 using httpd auth,
and after awhile, it stopped prompting for username + password.
Although, I'm not certain what Ryan said is right... it might cache certain
info, but even with httpd basic auth, it still wasn't prompting for auth
info after a reboot AND using a different user account.
What I would recommend checking (which I didn't get a chance to before the
contract was up) is that to make sure you don't have the apache + svn auth
info in 2 different locations.
IE: (this example is on RHEL 4... may be different on your OS) if you have
the apache directives set in /etc/httpd/httpd.conf, DO NOT have it set also
in /etc/httpd/conf.d/whateverconf.conf).
That was the only thing I could think of in MY situation.
My best suggestion would be to:
cp httpd.conf httpd.conf.bak
remove everything env related from the "old" httpd.conf
Readd the svn directives, run apachectl restart (or /etc/init.d/httpd
restart)
and see if you still have the same problem.
However, I was managing things for a small dev lab, so I didn't need the svn
authz stuff. I just used basic httpd authentication.... I had one couple GB
repo, with a limitied # of people using it.
On 8/21/06, Ryan Schmidt <subversion-2006c@ryandesign.com> wrote:
>
> On Aug 21, 2006, at 18:04, Justin wrote:
>
> > I just set up my first Subversion server, under Apache2 on OS X
> > Server 10.4, serving the repository over Apache2 and SSL. It was
> > probably the most painful install and tweaking process I've ever
> > experienced! But it's in and working.
> >
> > The problem I'm running into, is that no matter what I do, I cannot
> > DISABLE anonymous access! I can set things so that an INcorrect
> > username is denied, and a CORRECT username is allowed. But not
> > entering any credentials always results in full access.
> >
> > My httpd.conf location is:
> >
> > <Location /svn>
> > SSLRequireSSL
> > DAV svn
> > SVNPath /Library/svn
> > AuthzSVNAccessFile /Library/Apache2/svn-access-file
> > Require valid-user
> > AuthType Basic
> > AuthName "Repository"
> > AuthUserFile /Library/Apache2/svn-auth-file
> > </Location>
> >
> > And I've got the svn-access-file as:
> >
> > [/]
> > * =
> > justin = rw
> >
> > Basically, I've got this ONE repository that I need to be secured.
> > When I remove my account from the access-file (justin), any
> > anonymous access results in a 403 Forbidden error. But when I've
> > got my account in there, my account AND anonymous gets full access.
> >
> > I have set the hooks for anon-access to none in the svnserve.conf
> > file in the repository, but I think this is just for serving via
> > svnserve and NOT Apache2. Regardless, the options that I set there
> > do nothing.
> >
> > I'm completely stuck on this one, there doesn't seem to be anything
> > out there addressing my issue. I'm thinking that maybe it was a
> > permissions issue on my repository folders and files, but when I
> > disable the world permissions (from read, write, ex to none, none
> > none) I cannot access the repository at all.
> >
> > Any help on this would be GREATLY appreciated!
>
> Are you SURE that anonymous access is getting in? Subversion caches
> your credentials, you know, the first time you supply them. Could it
> be that the username "justin" and the password are cached in
> ~/.subversion/auth/svn.simple which is why you can get access when
> you do not explicitly supply a username and password? Try deleting
> the cached info from that directory and see if you then still have
> access. I suspect you do not, meaning the server is correctly set up.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Received on Tue Aug 22 01:28:52 2006