Hi,
Since upgrading to v1.5.4 (r33841) from v1.4.x, I cannot get SVN and
Apache to work without allowing anonymous read-write access. I must have
done something wrong, but I just can't understand what.
SVN 1.5.4 with Apache 2.2.6, Kerberos authentication, Solaris 10. Same
applies to a configuration using basic authentication.
<Location /svn>
DAV svn
SVNParentPath /admin/svn/repos
AuthzSVNAccessFile /admin/svn/etc/authz.conf
AuthType Kerberos
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbAuthoritative On
KrbAuthRealms KRB.REALM
Krb5Keytab /admin/svn/etc/keytab
Require valid-user
</Location>
The authz.conf looks like:
[/]
* =
[wmicmf:/]
user_at_KRB.REALM = rw
Importing or commiting into the repository results in:
svn: Server sent unexpected return value (500 Internal Server Error) in
response to PUT request for
'/svn/wmicmf/!svn/wrk/5a653e1e-c926-6227-e246-bbd79f5a52d9/test.c'
If anonymous read access is granted, the error becomes:
svn: Server sent unexpected return value (403 Forbidden) in response to
MERGE request for '/svn/wmicmf'
The Apache error log shows that authenticated access is used throughout
the server/client exchanges except for GET and METHOD methods:
Without anonymous read:
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' MKACTIVITY wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PUT wmicmf:/test.c
Access denied: - GET wmicmf:/test.c
Access granted: 'user_at_EUR.WM.UBS.NET' DELETE wmicmf:
With anonymous read access:
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' MKACTIVITY wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PUT wmicmf:/test.c
Access granted: - GET wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:/test.c
Access granted: - GET wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' MERGE wmicmf:
Access denied: - MERGE wmicmf:
Access granted: 'user_at_KRB.REALM' DELETE wmicmf:
Kind regards,
Iestyn.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1034860
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-01-27 22:24:21 CET