[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Not able to co from repo with no anon read: REPORT request failed on ..., Not authorized to open root of edit operation

From: Matt Smith <matt_at_forsetti.com>
Date: Thu, 28 Feb 2008 10:29:37 -0500

I found a number of similar reports in the archives, but no definitive
answers. When checking out from a repo that does not allow anonymous read
access ("* = "), I get the following error at the client:
  svn: REPORT request failed on '/svn/myproject/!svn/vcc/default'
  svn: Not authorized to open root of edit operation

The Apache error log shows:
  A failure occurred while driving the update report editor [500, #220000]
  Not authorized to open root of edit operation [500, #220000]

Adding "*=r" to the repo entry in the authz file allows this to succeed
fine. This leads me to suspect that the svn client is attempting to do
"something" anonymously, before authenticating.

Some detail:
Client: Ubuntu Gutsy, using the stock subversion (1.4.4dfsg1-1ubuntu3)
package.
Server: Debian Etch, using the stock libapache2-svn (1.4.2dfsg1-2) package.
Authentication: libapache2-mod-auth-kerb (5.3-1) package, using negotiate
(not simple passwd!)

Relevant Apache configuration block:
SSLCertificateFile /etc/apache2/certificate.pem
SSLCertificateKeyFile /etc/apache2/certificate.pem
SSLEngine on

<Location /svn/>
 AuthType Kerberos
 KrbMethodNegotiate on
 KrbMethodK5Passwd off
 KrbVerifyKDC on
 Krb5Keytab /etc/apache2/HTTP.keytab

  Satisfy Any
 require valid-user

 DAV svn
 SVNParentPath /srv/svn
 SVNListParentPath on
 AuthzSVNAccessFile /srv/svn/authz
</Location>

Relevant snippet from authz file:
  [myproject:/]
  myuser = rw
  * =

This repository must not be anonymously accessible, so setting "*=r" is not
an option. Does anyone have any insight to the cause of my problem?

Thank you,
-Matt

-- 
matt_at_forsetti.com
Key ID:D6EEC5B5
Received on 2008-02-28 16:30:30 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.