[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Mixed authentication and WebSVN on same host

From: Pier-Luc Petitclerc <pl_at_fusi0n.org>
Date: Wed, 8 Jun 2011 17:28:01 -0400

Hello everyone!

I've been struggling with a configuration problem for a few days and I can't
seem to find an acceptable solution. I'll try to explain as clearly as I
can!

The host I've set up for SVN repositories is svn.eratech.ca.
I'd really like to have visual access to my repositories from anywhere, so
I've set up WebSVN as well.

Here is the configuration for apache's virtual host (which is the only one
of my host that's SSL-enabled, if it's relevant):

NameVirtualHost *:443
> <VirtualHost *:443>
> ServerAdmin pL_at_fusi0n.org
> ServerName svn.eratech.ca
> DocumentRoot /usr/share/websvn
> DirectoryIndex wsvn.php index.php
> Alias /templates /usr/share/websvn/templates
> Alias / /usr/share/websvn/wsvn.php/
> <Directory /usr/share/websvn>
> Options -Indexes +FollowSymlinks +MultiViews
> *Satisfy Any
> Require valid-user*
> AuthType Digest
> AuthName "Subversion Repositories"
> *AuthUserFile /var/repos/.svnpasswd.htdigest*
> AuthDigestDomain / /repos
> </Directory>
> <Location */repos*>
> DAV svn
> SVNListParentPath on
> SVNParentPath /var/repos
> *AuthzSVNAccessFile /var/repos/.svnpasswd*
> *Satisfy Any
> Require valid-user*
> AuthType Digest
> *AuthDigestDomain / /repos*
> AuthName "Subversion Repositories"
> *AuthUserFile /var/repos/.svnpasswd.htdigest*
> SSLRequireSSL
> </Location>
> ErrorLog /var/www/eratech.ca/svn/logs/error.log
> LogLevel warn
> CustomLog /var/www/eratech.ca/svn/logs/access.log combined
> SSLEngine on
> SSLCertificateFile /etc/ssl/svn.eratech.ca.crt
> SSLCertificateKeyFile /etc/ssl/svn.eratech.ca.key
> SSLCertificateChainFile /etc/ssl/PositiveSSL.ca-bundle
> </VirtualHost>
>

So, as you can see, I have WebSVN running on / requests and Subversion
intercepting the requests made to /repos.

The problem I have with that is related to the user authentication. I have
read that mixed authentication (anonymous vs "registered") is possible with
authz and that's what I tried implementing.

However, the problem I'm having now is that Apache does *not* ask users for
credentials presumably due to the "Satisfy Any" statement. Unless I am
mistaken, that is how Authz work - to grab usernames off Apache's
authentication and associate it with the ACL specified in
AuthzSVNAccessFile... well, that's not working. I've tried many combinations
to no avail... so is there someone who has configured something similar?

Thanks for your time!!

-- 
- pL
No trees were killed to send this message, but a large number of electrons
were terribly inconvenienced.
Received on 2011-06-09 07:29:54 CEST

This is an archived mail posted to the Subversion Users mailing list.