[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

acl file witth certificate authentification

From: <jacques.charreyron_at_fr.michelin.com>
Date: 2007-12-03 10:07:56 CET

Hello,

I am trying hard to make client certificate authentification on RH5 work,
but not successfully. Here is what I did :

1st step)
I have started my apache 2.2.3.11 and setup certificates both for the
server and the client.
I can connect to the server with this certificate.

2nd step)
I have added this to the apache conf

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn>
   DAV svn
   SVNParentPath /NAS/U21/intrape3e/Svn
   SSLRequireSSL
   AuthType Basic
   AuthName "Subversion repository"
   AuthUserFile /NAS/U21/intrape3e/ApacheConf/ssl/passwd
   <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
   </LimitExcept>
  AuthzSVNAccessFile /NAS/U21/intrape3e/ApacheConf/svn/svn.acl
</Location>

3 rd step)

I have created passwd

/C=FR/ST=Puy de
Dome/O=Michelin/OU=PE3E/CN=f264897/emailAddress=mymail@mycompagny.com:xxj31ZMTZzkVA

and svn.acl file like this :

[test:/]
/C=FR/ST=Puy de
Dome/O=Michelin/OU=PE3E/CN=f264897/emailAddress=mymail@mycompagny.com=rw

When I try a checkout :

>> svn co https://localhost/svn/test

svn: Échec de la requête PROPFIND sur '/svn/test'
svn: PROPFIND de '/svn/test': 403 Forbidden (https://localhost)

and I always get in ssl_error.log this message :

[Mon Dec 03 10:00:15 2007] [error] [client 127.0.0.1] Failed to load the
AuthzSVNAccessFile: The character 'F' in rule '/C' is not allowed in authz
rules
[Mon Dec 03 10:00:15 2007] [error] [client 127.0.0.1] Access denied: -
PROPFIND test:/

I have tried several variant of this acl file but no success.

Please help I really want to erase CVS :-)

Jacques Charreyron
Received on Mon Dec 3 10:08:30 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.