[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Multiple authentication sources

From: Frank Gruman <fgatwork_at_verizon.net>
Date: Sun, 07 Dec 2008 22:54:23 -0500

On Mon, 2008-12-08 at 11:24 +0900, Craig McQueen wrote:
>
>
> Frank Gruman wrote:
> > On Fri, 2008-12-05 at 13:29 -0600, Alec Kloss wrote:
> >
> > > On 2008-12-05 10:55, Craig McQueen wrote:
> > >
> > I've successfully implemented multiple authentication sources, but I
> > believe the current limitation (until Apache 2.3/2.4 is released) is
> > that they must all be of the same type (AuthType Basic or AuthType
> > SSPI). In my case, I was able to do basic authentication with a file
> > and LDAP.
> >
> > But I thought it would still be possible. I found a sample config here
> > -
> > http://osdir.com/ml/version-control.subversion.ankhsvn.general/2006-04/msg00037.html
> >
> >
> > <Location /svn/>
> > DAV svn
> > SVNParentPath "/srv/svn/my_projects"
> >
> > AuthName "Subversion Repositories"
> > Require valid-user #this is all authenticated users on
> > domain
> > AuthAuthoritative Off #enables multiple authorities
> >
> > AuthType SSPI
> > SSPIAuth On
> > SSPIAuthoritative Off
> > #SSPIAuthoritative On - Forces only SSPI auth, skips passwd
> > file
> > SSPIOmitDomain On
> > SSPIDomain MY_AD_DOMAIN
> > SSPIOfferBasic On
> >
> > AuthType Basic
> > AuthUserFile "/srv/svn/auth/basic_users"
> >
> > AuthzSVNAccessFile "/srv/svn/auth/svn_users"
> >
> > </Location>
> >
> > Regards,
> > Frank
> >
> That configuration looks like it's good for Apache 2.0, but not 2.2.
> The "AuthAuthoritative" directive is no longer used in 2.2. My
> configuration looks very similar to that, except that instead of
> AuthAuthoritative, I have AuthBasicAuthoritative. But it doesn't work,
> as I previously described. Does anyone have a configuration that works
> specifically on Apache 2.2?
>
> Regards,
> Craig McQueen
>
>
>
Ahh - so right you are on the version - sorry for wasting your cycles...

Could you post the relevant portion of your config file for us to look
at? The only thing that I can really see that mattered in the notes on
the link you provided in your original post is to make sure to specify
that neither authentication mechanism is to be authoritative. Had I not
read the instructions twice (or thrice) I would have missed that in my
own configuration.

At the very least, if you can't see the issue perhaps another on the
list will see the nefarious command keeping you from your goals.

Regards,
Frank

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=981020

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-08 10:41:20 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.