[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Browsing via HTTPS needs authentication

From: <Robin.Gueldenpfennig_at_enercon.de>
Date: Tue, 28 Oct 2008 08:26:41 +0100

Hi Paul,

I think the problem is that:

> [/]
> * = r
> @admin = rw

It means that everyboy gets read access to every repository under your root
directory. But in that case TortoiseSVN should react like that, too.

Hmm. Just out comment "* = r" and check the effects.

Mit freundlichen Grüßen
Robin Güldenpfennig

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Robin Güldenpfennig
Service IT / SCADA Department

ENERCON Service Center
Dornumer Straße 20
26607 Aurich / Germany

mailto:Robin.Gueldenpfennig_at_enercon.de
http://www.enercon.de
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen, die
rechtlich besonders geschützt sein können. Wenn Sie nicht der beabsichtigte
Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund
eines technischen Fehlers oder eines Versehens erhalten haben, informieren
Sie uns bitte sofort und löschen Sie anschließend die E-Mail. Das unbefugte
Kopieren dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe der
enthaltenen Informationen an Dritte ist nicht gestattet.

This e-mail message together with its attachments, if any, is confidential
and may contain information subject to legal privilege (e.g.
attorney-client-privilege). If you are not the intended recipient or have
received this e-mail in error, please inform us immediately and delete this
message. Any unauthorised copying of this message (and attachments) or
unauthorised distribution of the information contained herein is
prohibited.

"Gillis, Paul" <pgillis_at_insight-tek.com> schrieb am 27.10.2008 16:06:53:

>
> Hi Robin,
>
> With an AuthzSVNAccessFile that looks like this, I expect that I
> would not be able to open the Release subfolder in my Test
> repository. SVN and TSVN will not let me. But with an IE browser,
> I can open it and view its content.
>
> [groups]
> admin = gillis_p, patel_n
> eng = brock_c, richardson_d
>
> [/]
> * = r
> @admin = rw
>
> [Test:/]
> @admin = rw
> richardson_d = rw
> [Test:/Release]
> gillis_p =
>
>
> - Paul
>
> >-----Original Message-----
> >From: Robin.Gueldenpfennig_at_enercon.de
> >[mailto:Robin.Gueldenpfennig_at_enercon.de]
> >Sent: Monday, October 27, 2008 7:10 AM
> >To: Gillis, Paul
> >Cc: users_at_subversion.tigris.org
> >Subject: Antwort: RE: Browsing via HTTPS needs authentication
> >
> >Yes, exactly. We are using Internet Explorer Version 6.0
> >
> >How does your svn access file look like? Your authentication goes
through
> >SSPI?
> >
> >Mit freundlichen Grüßen
> >Robin Güldenpfennig
> >
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Robin Güldenpfennig
> >Service IT / SCADA Department
> >
> >ENERCON Service Center
> >Dornumer Straße 20
> >26607 Aurich / Germany
> >
> >mailto:Robin.Gueldenpfennig_at_enercon.de
> >http://www.enercon.de
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen,
die
> >rechtlich besonders geschützt sein können. Wenn Sie nicht der
beabsichtigte
> >Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa
aufgrund
> >eines technischen Fehlers oder eines Versehens erhalten haben,
informieren
> >Sie uns bitte sofort und löschen Sie anschließend die E-Mail. Das
unbefugte
> >Kopieren dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe
der
> >enthaltenen Informationen an Dritte ist nicht gestattet.
> >
> >This e-mail message together with its attachments, if any, is
confidential
> >and may contain information subject to legal privilege (e.g.
> >attorney-client-privilege). If you are not the intended recipient or
have
> >received this e-mail in error, please inform us immediately and delete
this
> >message. Any unauthorised copying of this message (and attachments) or
> >unauthorised distribution of the information contained herein is
> >prohibited.
> >
> >"Gillis, Paul" <pgillis_at_insight-tek.com> schrieb am 27.10.2008 12:00:45:
> >
> >> So are you saying that devTeam01 cannot open Project2 with an IE
browser?
> >
> >> I can get a browser to open all my repositories. I just can't read
> >> restrict them with the permissions that are set in my
AuthzSVNAccessfile.
> >>
> >> Thanks!
> >>
> >> - Paul
> >>
> >> >-----Original Message-----
> >> >From: Robin.Gueldenpfennig_at_enercon.de
> >> >[mailto:Robin.Gueldenpfennig_at_enercon.de]
> >> >Sent: Friday, October 24, 2008 6:07 AM
> >> >To: Gillis, Paul
> >> >Cc: users_at_subversion.tigris.org
> >> >Subject: Re: Browsing via HTTPS needs authentication
> >> >
> >> >Hi Paul,
> >> >
> >> >I set up an AuthzSVNAccessfile now. It's working fine with IE browser
> >and
> >> >with TortoiseSVN
> >> >
> >> >It looks like that:
> >> >
> >> >[groups]
> >> >admin = rgueldenpfennig
> >> >devTeam01 = bjohnson, kdirk
> >> >devtTeam02 = lkeys, rmeier
> >> >
> >> >=======================
> >> >svnaccessfile.conf
> >> >
> >> >[/]
> >> >@admin = rw
> >> >
> >> >[Project1:/]
> >> >@devTeam01 = rw
> >> >bschulte = r
> >> >
> >> >[Project2:/]
> >> >@devTeam02 = rw
> >> >
> >> >=======================
> >> >
> >> >The whole authentication goes over the SSPI module
> >> >
> >> >Mit freundlichen Grüßen
> >> >Robin Güldenpfennig
> >> >
> >> >"Gillis, Paul" <pgillis_at_insight-tek.com> schrieb am 23.10.2008
14:58:46:
> >> >
> >> >> I missed the answer to your question. What was it?
> >> >>
> >> >> I have the same Windows SSPI setup here and an IE browser does not
> >> >> recognize any of the repository folder level read restrictions in
my
> >> >> AuthzSVNAccessFile. But the TSVN and SVN clients do.
> >> >>
> >> >> - Paul
> >> >>
> >> >> >-----Original Message-----
> >> >> >From: Robin.Gueldenpfennig_at_enercon.de
> >> >> >[mailto:Robin.Gueldenpfennig_at_enercon.de]
> >> >> >Sent: Thursday, October 23, 2008 8:45 AM
> >> >> >To: vishwajeet singh
> >> >> >Cc: users_at_subversion.tigris.org
> >> >> >Subject: Antwort: Re: Browsing via HTTPS needs authentication
> >> >> >
> >> >> >Hi and thanks for the fast answer!
> >> >> >
> >> >> >You are kind of right. The SSPI mod also checks your domain
account
> >when
> >> >> >accessing via a browser. From outside the corporation domain there
is
> >no
> >> >> >access.
> >> >> >I just checked the apache logs and I think this no more problem
now.
> >> >> >
> >> >> >best regards
> >> >> >Robin Güldenpfennig
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > "vishwajeet
> >> >> > singh"
> >> >> > <dextrous85_at_gmail
> >> >An
> >> >> > .com>
> >Robin.Gueldenpfennig_at_enercon.de
> >> >> >
> >> >Kopie
> >> >> > 23.10.2008 14:27
users_at_subversion.tigris.org
> >> >> >
> >> >Thema
> >> >> > Re: Browsing via HTTPS
needs
> >> >> > authentication
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >It work works fine with web too but Internet explorer shows extra
> >> >ordernay
> >> >> >talent by automatically passing your credentials.
> >> >> >You can test this with any other browser; it will definetley
prompt
> >you
> >> >for
> >> >> >password.
> >> >> >or for quick check you can ask some on who does not have access to
> >> >> >repository to browse through repository or you can try even your
self
> >by
> >> >> >clearing cahce.
> >> >> >
> >> >> >2008/10/23 <Robin.Gueldenpfennig_at_enercon.de>
> >> >> >
> >> >> > Hi there,
> >> >> >
> >> >> > I configured a Win32 Apache Server with the SSPI mod to use
the
> >> >> > Windows
> >> >> > Domain User data in TortoiseSVN. It all works really fine.
> >> >> >
> >> >> > But when I'm browings via the Internet Explorer in the
> >repository
> >> >> > trees, I
> >> >> > don't need to verify my user account.
> >> >> >
> >> >> > So everybody can download data from the repositories.
> >> >> >
> >> >> > What do I have to change so the SSPI authentication works on
> >the
> >> >web,
> >> >> > too?
> >> >> >
> >> >> > Mit freundlichen Grüßen
> >> >> > Robin Güldenpfennig
> >> >> >
> >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> > Robin Güldenpfennig
> >> >> > Service IT / SCADA Department
> >> >> >
> >> >> > ENERCON Service Center
> >> >> > Dornumer Straße 20
> >> >> > 26607 Aurich / Germany
> >> >> >
> >> >> > mailto:Robin.Gueldenpfennig_at_enercon.de
> >> >> > http://www.enercon.de
> >> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> > Diese E-Mail und mögliche Anhänge enthalten vertrauliche
> >> >> > Informationen, die
> >> >> > rechtlich besonders geschützt sein können. Wenn Sie nicht
der
> >> >> > beabsichtigte
> >> >> > Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail
> >etwa
> >> >> > aufgrund
> >> >> > eines technischen Fehlers oder eines Versehens erhalten
haben,
> >> >> > informieren
> >> >> > Sie uns bitte sofort und löschen Sie anschließend die
E-Mail.
> >Das
> >> >> > unbefugte
> >> >> > Kopieren dieser E-Mail, etwaiger Anhänge sowie die unbefugte
> >> >> > Weitergabe der
> >> >> > enthaltenen Informationen an Dritte ist nicht gestattet.
> >> >> >
> >> >> > This e-mail message together with its attachments, if any,
is
> >> >> > confidential
> >> >> > and may contain information subject to legal privilege (e.g.
> >> >> > attorney-client-privilege). If you are not the intended
> >recipient
> >> >or
> >> >> > have
> >> >> > received this e-mail in error, please inform us immediately
and
> >> >> > delete this
> >> >> > message. Any unauthorised copying of this message (and
> >> >attachments)
> >> >> > or
> >> >> > unauthorised distribution of the information contained
herein
> >is
> >> >> > prohibited.
> >> >> >
> >> >> >
> >> >> >
> >> >---------------------------------------------------------------------
> >> >> > To unsubscribe, e-mail:
users-unsubscribe_at_subversion.tigris.org
> >> >> > For additional commands, e-mail:
> >users-help_at_subversion.tigris.org
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >--
> >> >> >Cheers,
> >> >> >Vishwajeet
> >> >> >http://www.singhvishwajeet.com
> >> >> >
> >> >> >
> >> >>
>---------------------------------------------------------------------
> >> >> >To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> >> >> >For additional commands, e-mail: users-help_at_subversion.tigris.org
> >> >>
> >> >>
> >> >>
> >> >> This e-mail message and all attachments thereto may contain
> >> >> technical data that is subject to export control regulations, or
> >> >> confidential material, and is for the sole use of the intended
> >> >> recipients. Review, dissemination, or other use by anyone else is
> >> >> prohibited. If you are not an intended recipient, please contact
the
> >> >> sender and delete all copies.
> >> >>
> >> >>
---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> >> >> For additional commands, e-mail: users-help_at_subversion.tigris.org
> >> >>
> >>
> >>
> >>
> >> This e-mail message and all attachments thereto may contain
> >> technical data that is subject to export control regulations, or
> >> confidential material, and is for the sole use of the intended
> >> recipients. Review, dissemination, or other use by anyone else is
> >> prohibited. If you are not an intended recipient, please contact the
> >> sender and delete all copies.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> >> For additional commands, e-mail: users-help_at_subversion.tigris.org
> >>
>
>
>
> This e-mail message and all attachments thereto may contain
> technical data that is subject to export control regulations, or
> confidential material, and is for the sole use of the intended
> recipients. Review, dissemination, or other use by anyone else is
> prohibited. If you are not an intended recipient, please contact the
> sender and delete all copies.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-10-28 08:27:04 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.