Hello everybody,
I am currently working on a project for which I’ve set up a
SVN repository in our Windows Server Domain.
Access to it is provided by an Apache server that performs
an authentification by using the mod_auth_sspi module.
The whole system is hosted on a Windows 2003 Server and,
as of now, everything went well together.
FYI, our Apache log line is the following:
Apache/2.2.8 (Win32) DAV/2 mod_auth_sspi/1.0.4 SVN/1.5.5
The main users of the repository are the project manager and I.
Since we both have our accounts registered on the domain we are able
to connect to the repository with our client (we are using Tortoise)
Now we need to set up Apache in order to let an anonymous user gain
access to our repository in a read-only mode.
Our Apache SVN path is configured as follows:
<Location /svn>
DAV svn
# Répertoire de dépôt
SVNParentPath E:/svn_repository
SVNIndexXSLT "/svnindex.xsl"
SVNAutoversioning on
# Authentification Windows
AuthType Basic
AuthName "LDAP pour Subversion"
SSPIAuth On
SSPIAuthoritative On
SSPIDomain APFI
SSPIOfferBasic On
SSPIOmitDomain On
Require group OUR_DOMAIN\our_group
AuthzSVNAuthoritative On
AuthzSVNAccessFile E:/svn_repository/rep-authz
</Location>
So what I did was to add a user in to an httpd_users file with
the htpasswd command and add an anonymous section related to that user,
namely:
<Location /svn>
[...]
AuthBasicAuthoritative On
AuthBasicProvider anon
AuthType Basic
AuthName "LDAP pour Subversion"
SSPIAuth On
SSPIOfferSSPI Off
SSPIAuthoritative Off
SSPIDomain APFI
SSPIOfferBasic On
SSPIOmitDomain On
Require group OUR_DOMAIN\our_group
Anonymous_NoUserID Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail Off
Anonymous anon_user
AuthzSVNAuthoritative On
AuthzSVNAccessFile E:/svn_repository/rep-authz
</Location>
This layout does not seem to work for me; whenever I try to log in with
the user anon_user ID from my computer's browser or its command line,
the SSPI module asks its credentials (I would rather have it not to do that), and it seems to never let
the ANON one get the data. I read In the SSPI module documentation
that SSPIOfferSSPI and SSPIAuthoritative were to be set
Off in order to let the user information get to the lower level
modules (even though it seems a bit redundant to me). I tried not to set up any special settings, so I am confused.
Could someone tell me where I went wrong ?
Any help will be greatly appreciated.
Best regards,
Francis Padonou
Programmer-analyst – Association des Paralysés de France
francis.padonou_at_apf.asso.fr
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2425586
Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-11-30 18:27:14 CET