[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: websv authentication help

From: John Stile <john_at_stilen.com>
Date: Fri, 18 Apr 2008 11:14:50 -0700

On Fri, 2008-04-18 at 09:27 -0500, Dan Bahena wrote:
> Hi
>
> I've configured websvn to browse my repos, but now I want to configure
> access rights and authentication to it. In the documentation it mentions
> that I need to uncomment one line in the config.php (which I have done)
> and it also mentions about configuring the /websvn directory. It talks
> about SSPI and it even gives a sample of the configuration but it does
> not mention where to place that.

Hello Dan,

I have done configured this on Gentoo.
I use websvn-2.0, apache-2.2.8, pwauth-2.3.5, and samba's winbind as authenticator.
Background: My svn directory structure like this:
/svn/
     |-/acl/<repo>.acl
     |-/repos/<repo>
     |-/hotcopy_backup/<repo>

For per repository Access control, I modified one file.
subverison02 ~ # egrep -v '^//|^#|^$' /usr/share/webapps/websvn/2.0/htdocs/include/config.php
<?php
$config->parentPath("/svn/repos");
$config->setTemplatePath("$locwebsvnreal/templates/johns_custom_template");
$config->useAuthenticationFile('/svn/acls/PROJECTA.acl', 'PROJECTA');
$config->useAuthenticationFile('/svn/acls/PROJECTB.acl', 'PROJECTB');
$config->useAuthenticationFile('/svn/acls/PROJECTC.acl', 'PROJECTC');
$config->useAuthenticationFile('/svn/acls/PCB_Design.acl', 'PCB_Design');
$config->useAuthenticationFile('/svn/acls/SERVICE.acl', 'SERVICE');
$config->useAuthenticationFile('/svn/acls/TEST2.acl', 'TEST2');
$config->useAuthenticationFile('/svn/acls/bla.acl', 'bla');
$config->useAuthenticationFile('/svn/acls/joe.acl', 'joe');
$config->useAuthenticationFile('/svn/acls/sam.acl', 'sam');
$config->useAuthenticationFile('/svn/acls/don.acl', 'don');
$config->setMinDownloadLevel(2);
set_time_limit(0);
$config->expandTabsBy(8);
?>

One acl file looks like this:
cat >> /svn/acl/TEST.acl <<'EOF'
# TEST Repo ACLS
#=================
# NAME: EMAIL Login ACCESS
#--------------------------------------------------#
# Any Employee <any_at_foo.com> any admin
# Homer Simpson <homer_at_foo.com> homer devel
#--------------------------------------------------#
[groups]
admin = any
devel = homer
#---------------------#
[TEST:/]
# Read access by default
@admin = rw
@devel = rw
#---------------------#
EOF

My pam setup looks like this:
cat >> /etc/pam.d/apache2 <<'EOF'
auth required pam_winbind.so
account required pam_winbind.so
EOF

The Apache config for websvn looks like this:
cat >> /etc/apache2/conf.d/websvn <<'EOF'
<IfModule authnz_external_module>
      AddExternalAuth pwauth /usr/sbin/pwauth
      SetExternalAuthMethod pwauth pipe
</IfModule>
Alias /websvn "/usr/share/webapps/websvn/2.0/htdocs"
<Directory "/usr/share/webapps/websvn/2.0/htdocs">
  Options FollowSymLinks MultiViews
  AllowOverride None
  order allow,deny
  allow from all
  <IfModule mod_php4.c>
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
  </IfModule>
   AuthType Basic
   AuthName "Websvn: Subversion Repository Web Interface"
   #AuthPAM_Enabled on # Had to comment-out for newer apache
   AuthBasicProvider external
   AuthExternal pwauth
   Require valid-user
</Directory>
EOF

Edit main virutal host to include the websvn config file.
vi /etc/apache2/vhosts.d/00_ssl_vhost.conf
# Include /etc/apache2/conf.d/websvn

Customize the greeting and templates
cd /usr/share/webapps/websvn/2.0/htdocs/templates/
rsync -av calm/ johns_custom_template/
vi /usr/share/webapps/websvn/2.0/htdocs/templates/johns_custom_template/index.tmpl

I didn't include the joining the samba system to the AD domain to get winbind working, as that is a little off topic.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-04-18 20:15:12 CEST

This is an archived mail posted to the Subversion Users mailing list.