[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Apache/SSPI + Anonymous login

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Tue, 1 Dec 2009 22:19:52 +0300

Greetings, Francis Padonou!

>> Let me check it once again.
>> You need anonymous read-only access or read-only access for specific user?
>> Because to me, what you are trying to set up is the latter.
>>

> You are right, we would like to provide an Apache user with a read-only
> access. Since the repository will only exist in our intranet, an anonymous
> access might be an overkill.

I'm not familiar with directives you're trying to use in Apache configuration,
but i have an idea.
Why don't you use Subversion path authorization for that?
Simple
[/]
* = r
~specificuser = rw

would likely suffice as long as Apache demand authentication to access
repository.

An excerpt from my own configuration:

<VirtualHost *>
    ServerName svn.mydomain.local
    ServerAlias svn.example.org

    DocumentRoot "C:/home/svn"
    AddDefaultCharset utf-8

    ErrorLog "C:/home/svn/.log/error_log"
    CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
    CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION

    <IfModule rewrite_module>
# some private stuff here to make all things to work straight
    </IfModule>

    <Location "/">
        Order allow,deny
# Limit access to single local IP
# unless we have working authorization scheme
        Allow from 192.168.1.10

        <IfModule dav_svn_module>
            DAV svn
            SVNParentPath "C:/home/svn"
        </IfModule>

        <IfModule sspi_auth_module>
            Allow from all

            AuthName "Subversion repository"
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative On
            SSPIOfferBasic On
            SSPIOmitDomain On
            SSPIUsernameCase lower
            SSPIBasicPreferred Off

            # only developers may access the repository
            Require group "EXAMPLE\CVS"

            # And they should obey to SVN user permissions file
            <IfModule authz_svn_module>
                AuthzSVNAccessFile "C:/home/svn/.registry"
            </IfModule>
        </IfModule>
    </Location>
</VirtualHost>

And the C:/home/svn/.registry is just one simple

[aliases]
[groups]
[/]
* = r
~thatspecificuser = rw 

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 01.12.2009, <22:10>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2426063
Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-12-01 20:20:59 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.