subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Kuyk <sean.k...@pramerica.ie>
Subject Apache - Subversion Auth using multiple Location statements
Date Wed, 24 Aug 2011 15:18:46 GMT
Hi,

I'm running Apache 2.2.3 on RHEL 5.5. The server is used as a Subversion 
server. Subversion is at version 1.6.16 and accessed using TortoiseSVN 
1.6.15.

I use global read access to our repositories and authenticate repo updates 
using Kerberos.

I'm now trying to limit both read and write access to a subdirectory 
within a repository to a group of users. To do this I've added a second 
Location statement to httpd.conf, which I was hoping would cause access to 
the subdirectory in question to be authenticated.

However - Although I am prompted for a userid / password when the 
subdirectory in question is accessed the Apache log files shows the 
request as anonymous.

When using one Location statement and authenticating updates only all 
works well and Apache logs show the userid when the repo in question is 
accessed.

Bit at my wits end here - Have tried Allow / Deny / Satisfy / Require 
combinations to no avail - Any help would be greatly appreciated.

My config files :

### ## #

Subversion.conf

<Location /svn>
DAV svn
SVNPathAuthz off
SVNParentPath /var/www/svn
<LimitExcept GET PROPFIND OPTIONS REPORT>
Include /etc/httpd/conf/My_krb5_auth.conf
</LimitExcept>
AuthzSVNAccessFile /etc/httpd/conf/SVNAccessFileAAA
</Location>

<Location /svn/REPO/SUBDIR> ( This is the one I want to limit )
DAV svn
SVNPathAuthz off
SVNParentPath /var/www/svn
<Limit All>
Include /etc/httpd/conf/My_krb5_auth.conf
</Limit>
AuthzSVNAccessFile /etc/httpd/conf/SVNAccessFileBBB
</Location>

### ## #

/etc/httpd/conf/SVNAccessFileAAA
[REPO:/]
* = r
USER111@MYDOMAIN.COM = rw

/etc/httpd/conf/SVNAccessFileBBB
[REPO:/]
USER222@MYDOMAIN.COM = rw

In addition to the above 2 SVNAccessFiles I have also tried the following 
in a single file with one Location statement ( first one above ) :

[REPO:/]
* = r
USER111@MYDOMAIN.COM = rw

[REPO:/SUBDIR]
USER222@MYDOMAIN.COM = rw

### ## #

/etc/httpd/conf/My_krb5_auth.conf
AuthName "Active Directory Login"
AuthType Kerberos
Krb5Keytab /etc/httpd/conf/keytab
KrbAuthRealms MYREALM.COM
KrbVerifyKDC Off
KrbMethodNegotiate Off
KrbSaveCredentials Off
Require valid-user

It APPEARS to me that the fact that there are two Location statements 
causes the issue ( ' empty ' userid in Apache log even though prompted for 
userid / password ) in conjunction with the global read.

Please be gentle - Obviously no great master of Apache & tend to figure 
things out as needed - but this one has me stumped.

Thanks !

Sean 


Mime
View raw message