
RE: Re: Apache/SSPI + Anonymous login

From: Francis Padonou <francis.padonou_at_apf.asso.fr>
Date: Mon, 7 Dec 2009 02:56:38 -0800 (PST)

Hello Andrey,

I am sorry for being so late to answer you; we had a bit of a surge last week, so I did not have a lot of time available. Anyway, I wanted to thank you for your solution; it gave us some new prospects. Thus, we used your idea of creating a specific user in the Subversion authorization file, then we set up two different locations for each authorization module. As of now it is working as we wished, even though it is not as clean as I would like it to be.

Many thanks for taking some of your time to bear this with me.

Best regards,

Francis Padonou.

> Greetings, Francis Padonou!
>
> >> Let me check it once again.
> >> You need anonymous read-only access or read-only access for specific user?
> >> Because to me, what you are trying to set up is the latter.
> >>
>
> > You are right, we would like to provide an Apache user with a read-only
> > access. Since the repository will only exist in our intranet, an anonymous
> > access might be an overkill.
>
> I'm not familiar with the directives you're trying to use in Apache configuration,
> but I have an idea.
> Why don't you use Subversion path authorization for that?
> Simple
> [/]
> * = r
> ~specificuser = rw
>
> would likely suffice as long as Apache demands authentication to access
> the repository.
>
> An excerpt from my own configuration:
>
> <VirtualHost *>
>   ServerName svn.mydomain.local
>   ServerAlias svn.example.org
>
>   DocumentRoot "C:/home/svn"
>   AddDefaultCharset utf-8
>
>   ErrorLog "C:/home/svn/.log/error_log"
>   CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
>   CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION
>
>   <IfModule rewrite_module>
>     # some private stuff here to make all things to work straight
>   </IfModule>
>
>   <Location "/">
>     Order allow,deny
>     # Limit access to single local IP
>     # unless we have working authorization scheme
>     Allow from 192.168.1.10
>
>     <IfModule dav_svn_module>
>       DAV svn
>       SVNParentPath "C:/home/svn"
>     </IfModule>
>
>     <IfModule sspi_auth_module>
>       Allow from all
>
>       AuthName "Subversion repository"
>       AuthType SSPI
>       SSPIAuth On
>       SSPIAuthoritative On
>       SSPIOfferBasic On
>       SSPIOmitDomain On
>       SSPIUsernameCase lower
>       SSPIBasicPreferred Off
>
>       # only developers may access the repository
>       Require group "EXAMPLE\CVS"
>
>       # And they should obey to SVN user permissions file
>       <IfModule authz_svn_module>
>         AuthzSVNAccessFile "C:/home/svn/.registry"
>       </IfModule>
>     </IfModule>
>   </Location>
> </VirtualHost>
>
> And the C:/home/svn/.registry is just one simple
>
> [aliases]
> [groups]
> [/]
> * = r
> ~thatspecificuser = rw
>
>
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 01.12.2009, <22:10>
>
> Sorry for my terrible english...

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2427792

Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-12-07 11:57:42 CET
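
Added example, not part of the original mails and not Subversion's own code: a simplified Python model of how the access file quoted above resolves for different users. It assumes that the rights of all matching lines in a section are combined and that user names are compared case-sensitively; `parse_authz`, `applies`, `rights` and the user `alice` are hypothetical names.

```python
import configparser

# Constructed copy of the access file quoted in the thread.
AUTHZ = """
[aliases]
[groups]
[/]
* = r
~thatspecificuser = rw
"""

def parse_authz(text):
    """Return {section: [(principal, rights), ...]}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep case: names are compared exactly here
    cp.read_string(text)
    return {s: list(cp.items(s)) for s in cp.sections()}

def applies(principal, user, groups):
    """Does one rule line apply to `user`? None models an anonymous request."""
    if principal.startswith("~"):  # inversion: everyone except the named principal
        return not applies(principal[1:], user, groups)
    if principal == "*":
        return True
    if principal == "$anonymous":
        return user is None
    if principal == "$authenticated":
        return user is not None
    if principal.startswith("@"):  # flat groups only; nested groups not modelled
        members = groups.get(principal[1:], "")
        return user in [m.strip() for m in members.split(",")]
    return principal == user

def rights(rules, user, path="/"):
    """Effective rights ('', 'r' or 'rw') from the nearest section that matches."""
    groups = dict(rules.get("groups", []))
    while True:
        matched = [r for p, r in rules.get(path, []) if applies(p, user, groups)]
        if matched or path == "/":
            # Assumption: rights of all matching lines in a section are combined.
            return "".join(c for c in "rw" if any(c in r for r in matched))
        path = path.rsplit("/", 1)[0] or "/"

if __name__ == "__main__":
    rules = parse_authz(AUTHZ)
    for who in ("thatspecificuser", "alice", "ThatSpecificUser", None):
        print(who, "->", rights(rules, who, "/trunk/src") or "no access")
```

In this model an unauthenticated request (`None`) also matches `~thatspecificuser` and resolves to `rw`, which is why the rule depends on Apache demanding authentication. With `SSPIUsernameCase lower` in the Apache configuration, the name in the access file has to be written in lowercase for the read-only restriction to match.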

This is an archived mail posted to the Subversion Users mailing list.
