[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache/SSPI + Anonymous login

From: Francis Padonou <francis.padonou_at_apf.asso.fr>
Date: Mon, 30 Nov 2009 09:24:53 -0800 (PST)

Hello everybody,

I am currently working on a project for which I’ve set up a
SVN repository in our Windows Server Domain.
Access to it is provided by an Apache server that performs
an authentification by using the mod_auth_sspi module.
The whole system is hosted on a Windows 2003 Server and,
as of now, everything went well together.
FYI, our Apache log line is the following:
Apache/2.2.8 (Win32) DAV/2 mod_auth_sspi/1.0.4 SVN/1.5.5

The main users of the repository are the project manager and I.
Since we both have our accounts registered on the domain we are able
to connect to the repository with our client (we are using Tortoise)
Now we need to set up Apache in order to let an anonymous user gain
access to our repository in a read-only mode.
Our Apache SVN path is configured as follows:

  <Location /svn>
    DAV svn
    # Répertoire de dépôt
    SVNParentPath E:/svn_repository
    SVNIndexXSLT "/svnindex.xsl"
    SVNAutoversioning on
 
    # Authentification Windows
    AuthType Basic
    AuthName "LDAP pour Subversion"

    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain APFI
    SSPIOfferBasic On
    SSPIOmitDomain On
    Require group OUR_DOMAIN\our_group
  
    AuthzSVNAuthoritative On
    AuthzSVNAccessFile E:/svn_repository/rep-authz
  </Location>

So what I did was to add a user in to an httpd_users file with
the htpasswd command and add an anonymous section related to that user,
namely:

  <Location /svn>
  [...]
    AuthBasicAuthoritative On
    AuthBasicProvider anon
    AuthType Basic
    AuthName "LDAP pour Subversion"

    SSPIAuth On
    SSPIOfferSSPI Off
    SSPIAuthoritative Off
    SSPIDomain APFI
    SSPIOfferBasic On
    SSPIOmitDomain On
    Require group OUR_DOMAIN\our_group

    Anonymous_NoUserID Off
    Anonymous_MustGiveEmail Off
    Anonymous_LogEmail Off
    Anonymous anon_user
        
    AuthzSVNAuthoritative On
    AuthzSVNAccessFile E:/svn_repository/rep-authz
  </Location>

This layout does not seem to work for me; whenever I try to log in with
the user anon_user ID from my computer's browser or its command line,
the SSPI module asks its credentials (I would rather have it not to do that), and it seems to never let
the ANON one get the data. I read In the SSPI module documentation
that SSPIOfferSSPI and SSPIAuthoritative were to be set
Off in order to let the user information get to the lower level
modules (even though it seems a bit redundant to me). I tried not to set up any special settings, so I am confused.
Could someone tell me where I went wrong ?

Any help will be greatly appreciated.

Best regards,

Francis Padonou
Programmer-analyst – Association des Paralysés de France
francis.padonou_at_apf.asso.fr

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2425586

Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-11-30 18:27:14 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.