[lug] setting subversion permissions with apache/mod_dav

Amar Vattakandy amar.vattakandy at gmail.com
Sun Jan 14 04:04:03 MST 2007


Hi,

If I understand the issue right, if everything else is setup right, all you
need is the line
Require valid-user in your .conf file.

A (could be) useful note, rather than using basic auth, for ease of
administration, it might be worth using the NIS password authentication. A
google search on this should get you to an example. Basically it uses
the perl module Apache::AuthenNIS. Hopefully someone could comment on the
strength of this method.

Regards,
Amar


On 1/13/07, D. Stimits <stimits at comcast.net> wrote:
>
> I'm working on a subversion repository on CentOS 4.4, and finally got
> past some of the SElinux problems. Now it is able to be read from over a
> web browser on https, and it properly asks for a user name and pass via
> basic auth (non-SSL can't reach that URL).
>
> Here's the oddball problem: Using a command line client, it allows total
> access without caring about user name/pass. It requires user name and
> pass only from a web browser, but not from the svn client. Here's the
> config:
>
> <Location /svn>
>    Options Indexes MultiViews
>    AllowOverride None
>    Order deny,allow
>    DAV svn
>    SVNParentPath /var/www/svn
>    SSLRequireSSL
>    AuthType Basic
>    AuthName "Subversion Repository"
>    AuthUserFile /etc/passwd-httpd
>    AuthGroupFile /etc/group-httpd
>    Require group devel
> </Location>
>
>
> Has anyone here ever set up an svn repository under apache mod_dav, to
> require a password? How did you get the svn client to prompt for user
> name and password? I even deleted all the temp files from
> ~/.subversion/auth/svn.ssl.server, and all working copies, so there is
> no chance of it having memorized a name and pass (and in fact the user
> name I'm using on the remote machine is different than the name on the
> server). If I can block access to anyone not having a proper login
> name/pass, it'll be ready for use (at the moment IP tables blocks all IP
> addresses except for mine).
>
> D. Stimits, stimits AT comcast DOT net
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20070114/28a6fb9f/attachment.html>


More information about the LUG mailing list