[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

authorization by client side ssl certificates

From: <bricconi\_at_libero\.it>
Date: 2007-08-21 15:53:33 CEST

Hello,

I was able to set up an https enabled apache with subversion and to create some user certificates. My problem is that I am unable to understand which usernames to add to mod_authz_svn configuration file to grant access only to the desired repositories

This is a fragment of my httpd.conf

<Location /svn>
        DAV svn
        SVNParentPath /home/subversion/repositories
        AuthzSVNAccessFile /home/subversion/utenti/policy
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLRequireSSL
        SSLOptions +FakeBasicAuth +StdEnvVars
        SSLUserName SSL_CLIENT_S_DN
</Location>

I have enabled SSL FakeBasicAuth, and used SSLUserName to specify SSL_CLIENT_S_DN. I have made mod_ssl log SSL_CLIENT_S_DN and I see
/C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni
for my certificate.

I supposed I had to place this inside mod_authz_svn's configuration file, but it does not work.

This is my configuration file
[groups]
gruppo = /C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni

[prova:/]
#* = rw
#giovanni = rw
@gruppo = rw
[prova2:/]
#* = rw
#mirko = rw
@gruppo = rw

I tried to place /C=IT... as left value for the rules but I found this error message, even quoting them:
> The character 'I' in rule '/C' is not allowed in authz rules

Can anybody guess what was my fault?

Thanks

Giovanni

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Aug 25 12:44:49 2007

This is an archived mail posted to the Subversion Users mailing list.