Authentication of sync user on write-through proxy.
From: Terry Dooher <Terry.Dooher_at_naturalmotion.com>
Date: Thu, 13 Jun 2013 09:45:47 +0100
Hi all,
I've set up a write-through proxy for one of our studios and I'm getting Access Denied errors when the post-commit hook executes, or when running the sync command manually from the master.
I'm using apache 2.2/mod_dav_svn 1.7.7 on Debian 6.0. The apache config for vhost "repo-slave.example.com" is as follows:
# Primary configuration for local user access.
DAV svn
AuthType Basic
# Sync access.
Order deny,allow
AuthType Basic
When executing the following from the master server
svnsync sync --non-interactive --no-auth-cache --sync-username syncuser \
I get:
svnsync: E175013: Unable to connect to a repository at URL 'http://repo-slave.example.com/repo-proxy-sync'
And this in the slave error log:
[Thu Jun 13 01:02:01 2013] [error] [client 192.168.10.10] Access denied: 'syncuser' OPTIONS :/repo-proxy-sync
So it's 403ing; I think because it can't find 'syncuser' in /etc/apache2/auth/htpass. The problem only occurs when I have the Primary configured at the URI root <Location />. If I set them up on separate adjacent paths, it works; but according to the apache docs, I _should_ be able to override settings in nested Locations. (cf: http://httpd.apache.org/docs/current/sections.html#file-and-web)
Is there a way I can get around this? I could change the Location directives, but I'd prefer the slave URIs to mirror the master URIs (and changing those would impact a lot of automated processes)
Thanks,
Terry.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.