Anonymous access cannot be disabled

From: Iestyn Elfick <iestyn.elfick_at_ubs.com>
Date: Mon, 19 Jan 2009 16:32:25 +0100

Hi,

Since upgrading to v1.5.4 (r33841) from v1.4.x, I cannot get SVN and
Apache to work without allowing anonymous read-write access. I must have
done something wrong, but I just can't understand what.

SVN 1.5.4 with Apache 2.2.6, Kerberos authentication, Solaris 10. Same
applies to a configuration using basic authentication.

<Location /svn>
  DAV svn
  SVNParentPath /admin/svn/repos
  AuthzSVNAccessFile /admin/svn/etc/authz.conf
  AuthType Kerberos
  KrbMethodNegotiate On
  KrbMethodK5Passwd Off
  KrbAuthoritative On
  KrbAuthRealms KRB.REALM
  Krb5Keytab /admin/svn/etc/keytab
  Require valid-user
</Location>

The authz.conf looks like:

[/]
* =

[wmicmf:/]
user_at_KRB.REALM = rw

Importing or commiting into the repository results in:

svn: Server sent unexpected return value (500 Internal Server Error) in
response to PUT request for
'/svn/wmicmf/!svn/wrk/5a653e1e-c926-6227-e246-bbd79f5a52d9/test.c'

If anonymous read access is granted, the error becomes:

svn: Server sent unexpected return value (403 Forbidden) in response to
MERGE request for '/svn/wmicmf'

The Apache error log shows that authenticated access is used throughout
the server/client exchanges except for GET and METHOD methods:

Without anonymous read:

Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' MKACTIVITY wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PUT wmicmf:/test.c
Access denied: - GET wmicmf:/test.c
Access granted: 'user_at_EUR.WM.UBS.NET' DELETE wmicmf:

With anonymous read access:

Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' OPTIONS wmicmf:/
Access granted: 'user_at_KRB.REALM' MKACTIVITY wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/
Access granted: 'user_at_KRB.REALM' CHECKOUT wmicmf:/
Access granted: 'user_at_KRB.REALM' PROPFIND wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PUT wmicmf:/test.c
Access granted: - GET wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' PROPPATCH wmicmf:/test.c
Access granted: - GET wmicmf:/test.c
Access granted: 'user_at_KRB.REALM' MERGE wmicmf:
Access denied: - MERGE wmicmf:
Access granted: 'user_at_KRB.REALM' DELETE wmicmf:

Kind regards,

Iestyn.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1034860

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-01-27 22:24:21 CET

This message: [ Message body ]
Next message: postmaster_at_tigris.org: "Once again: The $name$ keyword"
Previous message: Daniel Widenfalk: "svn:mergeinfo on files"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]