
Re: How to configure SSL on SSPI?

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Thu, 3 Sep 2009 00:49:47 +0400

Greetings, Michael Tang!

> Do you mean the <Location> block
>
> <Location /svn>
> DAV svn
>
> SVNPath C:/svnroot
>
> AuthType SSPI
> AuthName "SVN Server Example"
>
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain CORPLEAR
> SSPIOfferBasic Off
>
> AuthzSVNAccessFile C:/svnroot/conf/SSPI-auth-file
>
> Require valid-user
> </Location>
>
> should be moved from httpd.conf to httpd-ssl.conf?
>
> I moved the block to the end of httpd-ssl.conf, and commented out the SSPI setting in http.conf.

It should be placed in the proper VirtualHost (if you're using them).
If you do not use VH, and your Apache is configured to serve the sole purpose of
being an SVN backend, then the location of the different blocks is irrelevant.

> Authorization was required when the https connection started, but only the
> user names and passwords defined in C:/svnroot/conf/HTTP-passwd-file, instead
> of those defined in the Windows Domain, can be used. It means I can only access
> the repository with a username defined in the file, even though it was
> commented out in httpd.conf.
>
> Meanwhile, http cannot use authentication with the Windows Domain. But it
> worked before the <Location> block was moved.
>
> I also tried to disable SSPIOfferBasic, but nothing happened.
>
> I attached my httpd.conf and httpd-ssl.conf. My Subversion version is
> 1.6.3 (r38063), Apache version is 2.2.11.

As a note: 1080 is a SOCKS PROXY port.
It is not a very good idea to use commonly known ports for different purposes.

> Could you please give me more details? Please do not hesitate to correct my
> mistake or misunderstanding. Thank you very much!

Remove the VirtualHost lines from the SSL included file (make that section not a
VHost) and take "Listen 1080" out of the main file.
It should work on an https:// connection now.
Also make sure you do not have many Location blocks defining the same location in
one configuration. (Yes, all included files considered single configuration

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 03.09.2009, <0:22>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2390431
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-02 22:51:10 CEST
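
The check suggested in the reply above, that the same location is not defined by several Location blocks once all included files are read as one configuration, can be done mechanically. This is an added example, not part of the original message: the sample files are constructed (not the poster's attachments), the Basic-auth block is a hypothetical leftover, and only plain `<Location path>` sections are handled.

```python
import re
from collections import defaultdict

# Constructed sample files, not the poster's attachments. Directive names are
# from the thread; the Basic-auth block is a hypothetical leftover.
FILES = {
    "httpd.conf": """\
<Location /svn>
  AuthType Basic
  AuthUserFile C:/svnroot/conf/HTTP-passwd-file
</Location>
Include conf/extra/httpd-ssl.conf
""",
    "conf/extra/httpd-ssl.conf": """\
<VirtualHost _default_:443>
<Location /svn>
  AuthType SSPI
  SSPIAuth On
</Location>
</VirtualHost>
""",
}

def flatten(name, files):
    """Yield (file, lineno, directive), expanding Include and skipping comments."""
    for n, raw in enumerate(files[name].splitlines(), 1):
        line = raw.strip()
        m = re.match(r"Include\s+(\S+)", line, re.I)
        if m and m.group(1) in files:
            yield from flatten(m.group(1), files)
        elif line and not line.startswith("#"):
            yield name, n, line

def repeated_locations(main, files):
    """Map each <Location> path defined more than once to its blocks."""
    scope, block, seen = "server", None, defaultdict(list)
    for fname, n, line in flatten(main, files):
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            scope = m.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            scope = "server"
        elif m := re.match(r"<Location\s+([^>]+)>", line, re.I):
            block = [fname, n, scope, None]   # AuthType filled in below
            seen[m.group(1).strip()].append(block)
        elif re.match(r"</Location>", line, re.I):
            block = None
        elif block and (m := re.match(r"AuthType\s+(\S+)", line, re.I)):
            block[3] = m.group(1)
    return {p: [tuple(b) for b in v] for p, v in seen.items() if len(v) > 1}
```

Each reported entry is (file, line, enclosing scope, AuthType), so a block that still points at a password file stands out next to the SSPI one.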

This is an archived mail posted to the Subversion Users mailing list.
