[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: How to configure SSL on SSPI?

From: Johan Corveleyn <johan.corveleyn_at_uz.kuleuven.ac.be>
Date: Mon, 31 Aug 2009 12:23:06 +0200

> Van: Michael Tang [mailto:tang_at_phy.ccnu.edu.cn]
>
> Hello All,
>
> I have setup SSL secured connections (https) for my Subversion and
> https works well. Now, I am trying to set authentication with a
> Windows Domain with SSPI. But after I set up SSPI, the
> authorization (Windows Domain userid and password) only valid for
> http. For https, No authorization need and anyone can access
> repository.
>
> According to document (
> http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-
> serversetup-apache.html#tsvn-serversetup-apache-6), The SSPI
> authentication is only enabled for SSL secured connections(https).
>
> What is wrong in my configuration?
>
> I only added /changed some contents in httpd.conf for SSPI below,
>
> Added
>
> LoadModule sspi_auth_module modules/mod_auth_sspi.so
>
> LoadModule dav_fs_module modules/mod_dav_fs.so
>
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain DOMAIN_NAME
> SSPIOfferBasic On
>
> and changed
>
> AuthType from 'Basic' to 'SSPI'
>
> AuthzSVNAccessFile from 'basic_auth_file' to 'SSPI_auth_file'.
>
> and other setting has not been changed. More details please find
> the attached.

I think you've been editing the wrong <Location> block, the one that's specific for the http access. According to the httpd.conf.err that you attached, I'm guessing that you need to edit another file, namely: conf/httpd-ssl.conf

Since your httpd.conf.err contains the following line:
Include conf/httpd-ssl.conf

There should be a similar Location block in httpd-ssl.conf. That's the one you need to work on. Also: I suppose in the end you need to disable plain http access (or limit it in some way). Otherwise it makes little sense to secure the https access. See Apache documentation for more information on how to do this...

Regards,
Johan

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2388823

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-31 12:24:40 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.