You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Julian Foad <ju...@btopenworld.com> on 2004/10/01 14:32:35 UTC
Re: Checkouts fail with mod_authz_svn/FakeBasicAuth
Looking through old mail...
Dan Ports wrote:
> I've run into what seems to be a bug in Subversion or Apache. The
> quick summary: checkouts fail when using mod_authz_svn with mod_ssl's
> FakeBasicAuth option to achieve repository access control based on
> client SSL certificates. This appears to be due to a problem with
> authentication in subrequests.
[...]
Sorry to hear you had trouble and got no reply on the mailing list. Please feel free to re-post your query if you haven't resolved the problem.
If anyone doesn't get a response on this list within a couple of (working) days it may be that nobody can help or it may be that the one or two people who might be able to help were too busy with other things when they saw your message, or whatever, so please do ask again.
- Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Checkouts fail with mod_authz_svn/FakeBasicAuth
Posted by Dan Ports <dr...@mit.edu>.
On Fri, Oct 01, 2004 at 03:32:35PM +0100, Julian Foad wrote:
> Dan Ports wrote:
> > I've run into what seems to be a bug in Subversion or Apache. The
> >quick summary: checkouts fail when using mod_authz_svn with mod_ssl's
> >FakeBasicAuth option to achieve repository access control based on
> >client SSL certificates. This appears to be due to a problem with
> >authentication in subrequests.
> [...]
>
> Sorry to hear you had trouble and got no reply on the mailing list. Please
> feel free to re-post your query if you haven't resolved the problem.
I am indeed still having this problem, though the patch (against
Apache mod_ssl) I described in my previous message appears to solve it.
Briefly, I'm trying to use FakeBasicAuth and mod_authz_svn to restrict
access to parts of my repository to certain certificate-authenticated
users. The problem seems to be that FakeBasicAuth authentication
information is not preserved when a HTTP request generates a
subrequest, so authz_svn authorization based on FakeBasicAuth
certificate information fails to work.
For more details, see my original post,
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=73775
Kevin Bentley also recently posted some notes on how to use mod_ssl's
SSLUserName option with authz_svn to accomplish the same goal, but this
appears to require patching both mod_ssl and mod_authz_svn.
I'm currently running Subversion 1.0.6 with Apache 2.0.50; I'll see if
I can find some time this weekend to upgrade and test with the latest
version, though I doubt this will change anything.
Dan
--
Dan R. K. Ports
Research Minion
Massachusetts Institute of Technology <dr...@mit.edu>
Computer Science and Artificial Intelligence Lab <dr...@csail.mit.edu>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org