[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Troubles with VirtualHost configuration: never asked for password

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Wed, 13 Jan 2010 04:36:06 +0300

Greetings, Will Scheidegger!

> I'm having a hard time configuring my virtual host to restrict access to my
> subversion repository. This is what my conf looks like:

> #Virtual Host Configuration

> <VirtualHost w.x.y.z:80>
> ServerName svn.domain.com

> <Location /svn/myproject>
> Order Allow,Deny
> Allow from all
        
> DAV svn
> SVNPath /usr/local/svn/myproject
> AuthType Basic
> AuthName "Subversion Repository"
> AuthUserFile /etc/subversion/passwd
> Require valid-user
> </Location>
> </VirtualHost>

> Without the "Order Allow,Deny" + "Allow from all" directive the default
> virtual host configuration takes over and access is denied ("Server sent
> unexpected return value (403 Forbidden) in response to OPTIONS request...").
> But with the directives I'm never asked for a password. According to all the
> manuals I consulted on the web, this setup _should_ challenge the user for a
> password (stored in /etc/subversion/passwd). Do I need to configure
> something else, i.e. modify stuff in /usr/local/svn/myproject/conf?

Try running svn command with --no-auth-cache switch.
Not really see what's wrong with your setup...
For a convenience, here's my own configuration of authorization block (It
using SSPI module, however, you have to replace relevant directives by ones
suitable for your auth scheme):

<VirtualHost *>
    ServerName svn.mydomain.local
    ServerAlias svn.example.org

    DocumentRoot "C:/home/svn"
    AddDefaultCharset utf-8

    ErrorLog "C:/home/svn/.log/error_log"
    CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
    CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION

    <IfModule rewrite_module>
# some private stuff here to make all things to work straight
    </IfModule>

    <Location "/">
        Order allow,deny
# Limit access to single local IP
# unless we have working authorization scheme
        Allow from 192.168.1.10

        <IfModule dav_svn_module>
            DAV svn
            SVNParentPath "C:/home/svn"
        </IfModule>

        <IfModule sspi_auth_module>
            Allow from all

            AuthName "Subversion repository"
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative On
            SSPIOfferBasic On
            SSPIOmitDomain On
            SSPIUsernameCase lower
            SSPIBasicPreferred Off

            # only developers may access the repository
            Require group "EXAMPLE\CVS"

            # And they should obey to SVN user permissions file
            <IfModule authz_svn_module>
                AuthzSVNAccessFile "C:/home/svn/.registry"
            </IfModule>
        </IfModule>
    </Location>
</VirtualHost>

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 13.01.2010, <4:28>
Sorry for my terrible english...
Received on 2010-01-13 02:40:39 CET

This is an archived mail posted to the Subversion Users mailing list.