On 4/16/07, Darshak Thakore <firstname.lastname@example.org> wrote:
> Hi all,
> This question is related to the mod_dav_svn module. I am running
> subversion behind apache httpd using mod_dav_svn. I also need
> per-directory access control so I have the mod_authz_svn configured. Now
> we already have a custom user database that runs on another server and
> we want to leverage that user database. So I configured apache's basic
> auth module (mod_auth_basic) to call a wrapper script that I wrote which
> connects to our user database and authenticates a user. If I understand
> correctly, the workflow should be :
> 1. user tries to access a repository or a directory within using http://
> 2. apache passes this off to mod_dav_svn
> 3. mod_dav_svn will invoke mod_basic module which in turn will challenge
> the user for credentials
> 3. user supplies the credentials
> 4. mod_basic passes off the credentials to the configured authenticator
> module (in my case this would be the wrapper script). Assuming the user
> supplied the correct password mod_basic will send a positive auth
> message to mod_dav_svn
> 5. upon authentication, mod_dav_svn will invoke the mod_authz_svn module
> to check if the requested operation is allowed.
> Now as a user if I am checking out lets say
> http://myserver/svn/repo1/trunk/ I believe the mod_dav_svn module will
> perform authentication once and then would recursively invoke
> authorization on each and every path. Instead what I have observed is
> that mod_dav_svn invokes authentication also on each and every path. I
> am trying to understand why it is invoking authentication for each and
> every path when a user had already been authentication once for that
> particular request.
> Also is there any way to change this behavior ??
Josh Gilkerson has submitted a patch to the dev@ list which skips the
extra authorization subrequests for each path if you enable a
short-circuit option in your httpd config. Instead, Subversion
performs these authorization checks internally.
This feature should improve performance significantly in your case.
I'm hoping to get it committed soon so you might see this feature in
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Tue Apr 17 00:45:19 2007