[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Anonymous access will not go away!

From: Steve Martin <sm.drdc_at_gmail.com>
Date: 2006-08-22 01:27:21 CEST

I had this same problem as well.

I was running httpd (apache2), with svn 1.3.1 on RHEL 4 using httpd auth,
and after awhile, it stopped prompting for username + password.

Although, I'm not certain what Ryan said is right... it might cache certain
info, but even with httpd basic auth, it still wasn't prompting for auth
info after a reboot AND using a different user account.

What I would recommend checking (which I didn't get a chance to before the
contract was up) is that to make sure you don't have the apache + svn auth
info in 2 different locations.

IE: (this example is on RHEL 4... may be different on your OS) if you have
the apache directives set in /etc/httpd/httpd.conf, DO NOT have it set also
in /etc/httpd/conf.d/whateverconf.conf).

That was the only thing I could think of in MY situation.

My best suggestion would be to:

cp httpd.conf httpd.conf.bak

remove everything env related from the "old" httpd.conf

Readd the svn directives, run apachectl restart (or /etc/init.d/httpd

and see if you still have the same problem.

However, I was managing things for a small dev lab, so I didn't need the svn
authz stuff. I just used basic httpd authentication.... I had one couple GB
repo, with a limitied # of people using it.

On 8/21/06, Ryan Schmidt <subversion-2006c@ryandesign.com> wrote:
> On Aug 21, 2006, at 18:04, Justin wrote:
> > I just set up my first Subversion server, under Apache2 on OS X
> > Server 10.4, serving the repository over Apache2 and SSL. It was
> > probably the most painful install and tweaking process I've ever
> > experienced! But it's in and working.
> >
> > The problem I'm running into, is that no matter what I do, I cannot
> > DISABLE anonymous access! I can set things so that an INcorrect
> > username is denied, and a CORRECT username is allowed. But not
> > entering any credentials always results in full access.
> >
> > My httpd.conf location is:
> >
> > <Location /svn>
> > SSLRequireSSL
> > DAV svn
> > SVNPath /Library/svn
> > AuthzSVNAccessFile /Library/Apache2/svn-access-file
> > Require valid-user
> > AuthType Basic
> > AuthName "Repository"
> > AuthUserFile /Library/Apache2/svn-auth-file
> > </Location>
> >
> > And I've got the svn-access-file as:
> >
> > [/]
> > * =
> > justin = rw
> >
> > Basically, I've got this ONE repository that I need to be secured.
> > When I remove my account from the access-file (justin), any
> > anonymous access results in a 403 Forbidden error. But when I've
> > got my account in there, my account AND anonymous gets full access.
> >
> > I have set the hooks for anon-access to none in the svnserve.conf
> > file in the repository, but I think this is just for serving via
> > svnserve and NOT Apache2. Regardless, the options that I set there
> > do nothing.
> >
> > I'm completely stuck on this one, there doesn't seem to be anything
> > out there addressing my issue. I'm thinking that maybe it was a
> > permissions issue on my repository folders and files, but when I
> > disable the world permissions (from read, write, ex to none, none
> > none) I cannot access the repository at all.
> >
> > Any help on this would be GREATLY appreciated!
> Are you SURE that anonymous access is getting in? Subversion caches
> your credentials, you know, the first time you supply them. Could it
> be that the username "justin" and the password are cached in
> ~/.subversion/auth/svn.simple which is why you can get access when
> you do not explicitly supply a username and password? Try deleting
> the cached info from that directory and see if you then still have
> access. I suspect you do not, meaning the server is correctly set up.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 22 01:28:52 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.