You need to put the username in quotes.
-----Original Message-----
From: bricconi@libero.it [mailto:bricconi@libero.it]
Sent: Tuesday, August 21, 2007 9:54 AM
To: users
Subject: authorization by client side ssl certificates
Hello,
I was able to set up an https enabled apache with subversion and to
create some user certificates. My problem is that I am unable to
understand which usernames to add to mod_authz_svn configuration file to
grant access only to the desired repositories
This is a fragment of my httpd.conf
<Location /svn>
DAV svn
SVNParentPath /home/subversion/repositories
AuthzSVNAccessFile /home/subversion/utenti/policy
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequireSSL
SSLOptions +FakeBasicAuth +StdEnvVars
SSLUserName SSL_CLIENT_S_DN
</Location>
I have enabled SSL FakeBasicAuth, and used SSLUserName to specify
SSL_CLIENT_S_DN. I have made mod_ssl log SSL_CLIENT_S_DN and I see
/C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni
for my certificate.
I supposed I had to place this inside mod_authz_svn's configuration
file, but it does not work.
This is my configuration file
[groups]
gruppo = /C=IT/ST=Italy/O=Lombardia Servizi/CN=giovanni
[prova:/]
#* = rw
#giovanni = rw
@gruppo = rw
[prova2:/]
#* = rw
#mirko = rw
@gruppo = rw
I tried to place /C=IT... as left value for the rules but I found this
error message, even quoting them:
> The character 'I' in rule '/C' is not allowed in authz rules
Can anybody guess what was my fault?
Thanks
Giovanni
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Aug 26 18:55:07 2007