[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Not able to co from repo with no anon read: REPORT request failed on ..., Not authorized to open root of edit operation

From: Matt Smith <matt_at_forsetti.com>
Date: Fri, 29 Feb 2008 09:21:44 -0500

All-
  Through trial and error, it looks like my problem may be the use of
"Satisfy Any" in Apache's location block to allow anonymous or authenticated
access. So, my workaround for now is to force anonymous access and
authenticated access through two different URLs.

  But, I would still be interested if anyone has any insight into my problem
as described below.

Thanks all,
-Matt

On Thu, Feb 28, 2008 at 10:29 AM, Matt Smith <matt_at_forsetti.com> wrote:

> I found a number of similar reports in the archives, but no definitive
> answers. When checking out from a repo that does not allow anonymous read
> access ("* = "), I get the following error at the client:
> svn: REPORT request failed on '/svn/myproject/!svn/vcc/default'
> svn: Not authorized to open root of edit operation
>
> The Apache error log shows:
> A failure occurred while driving the update report editor [500,
> #220000]
> Not authorized to open root of edit operation [500, #220000]
>
> Adding "*=r" to the repo entry in the authz file allows this to succeed
> fine. This leads me to suspect that the svn client is attempting to do
> "something" anonymously, before authenticating.
>
> Some detail:
> Client: Ubuntu Gutsy, using the stock subversion (1.4.4dfsg1-1ubuntu3)
> package.
> Server: Debian Etch, using the stock libapache2-svn (1.4.2dfsg1-2)
> package.
> Authentication: libapache2-mod-auth-kerb (5.3-1) package, using negotiate
> (not simple passwd!)
>
> Relevant Apache configuration block:
> SSLCertificateFile /etc/apache2/certificate.pem
> SSLCertificateKeyFile /etc/apache2/certificate.pem
> SSLEngine on
>
> <Location /svn/>
> AuthType Kerberos
> KrbMethodNegotiate on
> KrbMethodK5Passwd off
> KrbVerifyKDC on
> Krb5Keytab /etc/apache2/HTTP.keytab
>
> Satisfy Any
> require valid-user
>
> DAV svn
> SVNParentPath /srv/svn
> SVNListParentPath on
> AuthzSVNAccessFile /srv/svn/authz
> </Location>
>
> Relevant snippet from authz file:
> [myproject:/]
> myuser = rw
> * =
>
> This repository must not be anonymously accessible, so setting "*=r" is
> not an option. Does anyone have any insight to the cause of my problem?
>
> Thank you,
> -Matt
>
> --
> matt_at_forsetti.com
> Key ID:D6EEC5B5

-- 
matt_at_forsetti.com
Key ID:D6EEC5B5
Received on 2008-02-29 15:22:24 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.