[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: authorization by client side ssl certificates

From: Brian E. Fox <brianf_at_reply.infinity.nu>
Date: 2007-08-26 18:57:20 CEST

You need to put the username in quotes.

-----Original Message-----
From: bricconi@libero.it [mailto:bricconi@libero.it]
Sent: Tuesday, August 21, 2007 9:54 AM
To: users
Subject: authorization by client side ssl certificates

Hello,

I was able to set up an https enabled apache with subversion and to
create some user certificates. My problem is that I am unable to
understand which usernames to add to mod_authz_svn configuration file to
grant access only to the desired repositories

This is a fragment of my httpd.conf

<Location /svn>
        DAV svn
        SVNParentPath /home/subversion/repositories
        AuthzSVNAccessFile /home/subversion/utenti/policy
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLRequireSSL
        SSLOptions +FakeBasicAuth +StdEnvVars
        SSLUserName SSL_CLIENT_S_DN
</Location>

I have enabled SSL FakeBasicAuth, and used SSLUserName to specify
SSL_CLIENT_S_DN. I have made mod_ssl log SSL_CLIENT_S_DN and I see
/C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni
for my certificate.

I supposed I had to place this inside mod_authz_svn's configuration
file, but it does not work.

This is my configuration file
[groups]
gruppo = /C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni

[prova:/]
#* = rw
#giovanni = rw
@gruppo = rw
[prova2:/]
#* = rw
#mirko = rw
@gruppo = rw

I tried to place /C=IT... as left value for the rules but I found this
error message, even quoting them:
> The character 'I' in rule '/C' is not allowed in authz rules

Can anybody guess what was my fault?

Thanks

Giovanni

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Aug 26 18:55:07 2007

This is an archived mail posted to the Subversion Users mailing list.