You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Francois Beausoleil <fb...@users.sourceforge.net> on 2003/08/23 16:13:11 UTC
Apache/mod_authz_svn configuration for anonymous repository browsing
Hi !
I was searching for information on how to setup anonymous browsing, and
no mention of it is made in the book. The
http://svn.collab.net/repos/svn/trunk/subversion/mod_authz_svn/INSTALL
mentions that we need a dummy anonymous account, but I could not find any
more information about that.
Would someone be so kind as to help me out ? I created a user named
anonymous with no password. But, when I browse the repository, I still
have to say that I am anonymous.
Can this be prevented ?
Thanks for any help,
François
Developer of Java Gui Builder
http://jgb.sourceforge.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Greg Thomas <Gr...@TheThomasHome.co.uk>.
On Sat, 23 Aug 2003 12:13:11 -0400, "Francois Beausoleil"
<fb...@users.sourceforge.net> wrote:
> I created a user named
> anonymous with no password. But, when I browse the repository, I still
> have to say that I am anonymous.
You could always try publishing the URL as
http://anonymous@wherever.domain/svn - i.e. pass the authentication
details in the URL.
Greg
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Francois Beausoleil <fb...@users.sourceforge.net>.
Hello Seth,
Hey ! Thanks for the info. Will try it out.
Bye !
François
On Mon, 25 Aug 2003 09:50:50 -0700, "Seth Falcon" <sf...@fhcrc.org>
said:
> > > Alternative to waiting: export the repository twice (two location
> > > blocks).
> > > Once with mod_authz_svn set up, and once with:
> > >
> > > <LimitExcept OPTIONS GET PROPFIND REPORT>
> > > Deny from All
> > > </LimitExcept>
> > >
> > >
> > > Sander
>
> On Sat, Aug 23, 2003 at 04:17:27PM -0400, Francois Beausoleil wrote:
> > Thanks,
> >
> > That would not work though. I want some parts of it protected and others
> > publicly available.
> >
>
> Note that the apache basic auth allows you to have fairly fine grained
> access control by using multiple <LocationMatch> sections in which you
> can define different Limit/LimitExcept blocks. I've used this to have
> different subdirs in the repository write-able by different users but
> readable by everyone.
>
> For example, the following should allow anonymous read access to the
> entire repository except for subdir 'privateDir'. Only members of group
> svn_committers can make changes and only members of group topsecret can
> do anything to privateDir:
>
> <Location /svn/repos>
> DAV svn
> SVNPath /path/to/repos
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /path/to/passwd
> AuthGroupFile /path/to/group
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require group svn_committers
> </LimitExcept>
> </Location>
> <LocationMatch "^/svn/repos/privateDir">
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /path/to/passwd
> AuthGroupFile /path/to/group
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require group topsecret
> </LimitExcept>
> <Limit GET PROPFIND OPTIONS REPORT>
> Require group topsecret
> </Limit>
> </LocationMatch>
>
> Hope that helps. BTW, where should I look for info on mod_authz_svn?
> What does it do that the vanilla apache auth stuff doesn't?
>
> + seth
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
Developer of Java Gui Builder
http://jgb.sourceforge.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Seth Falcon <sf...@fhcrc.org>.
> > Alternative to waiting: export the repository twice (two location
> > blocks).
> > Once with mod_authz_svn set up, and once with:
> >
> > <LimitExcept OPTIONS GET PROPFIND REPORT>
> > Deny from All
> > </LimitExcept>
> >
> >
> > Sander
On Sat, Aug 23, 2003 at 04:17:27PM -0400, Francois Beausoleil wrote:
> Thanks,
>
> That would not work though. I want some parts of it protected and others
> publicly available.
>
Note that the apache basic auth allows you to have fairly fine grained
access control by using multiple <LocationMatch> sections in which you
can define different Limit/LimitExcept blocks. I've used this to have
different subdirs in the repository write-able by different users but
readable by everyone.
For example, the following should allow anonymous read access to the
entire repository except for subdir 'privateDir'. Only members of group
svn_committers can make changes and only members of group topsecret can
do anything to privateDir:
<Location /svn/repos>
DAV svn
SVNPath /path/to/repos
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/passwd
AuthGroupFile /path/to/group
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group svn_committers
</LimitExcept>
</Location>
<LocationMatch "^/svn/repos/privateDir">
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/passwd
AuthGroupFile /path/to/group
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group topsecret
</LimitExcept>
<Limit GET PROPFIND OPTIONS REPORT>
Require group topsecret
</Limit>
</LocationMatch>
Hope that helps. BTW, where should I look for info on mod_authz_svn?
What does it do that the vanilla apache auth stuff doesn't?
+ seth
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Francois Beausoleil <fb...@users.sourceforge.net>.
Thanks,
That would not work though. I want some parts of it protected and others
publicly available.
Thanks anyway,
François
On Sat, 23 Aug 2003 18:34:39 +0200, "Sander Striker" <st...@apache.org>
said:
> > From: Sander Striker [mailto:striker@apache.org]
> > Sent: Saturday, August 23, 2003 6:19 PM
>
> > > From: Francois Beausoleil [mailto:fbos@users.sourceforge.net]
> > > Sent: Saturday, August 23, 2003 6:13 PM
> >
> > > Hi !
> > >
> > > I was searching for information on how to setup anonymous browsing, and
> > > no mention of it is made in the book. The
> > > http://svn.collab.net/repos/svn/trunk/subversion/mod_authz_svn/INSTALL
> > > mentions that we need a dummy anonymous account, but I could not find any
> > > more information about that.
> > >
> > > Would someone be so kind as to help me out ? I created a user named
> > > anonymous with no password. But, when I browse the repository, I still
> > > have to say that I am anonymous.
> >
> > That's why you needed to create the anonymous account and publish the
> > password.
> >
> > > Can this be prevented ?
> >
> > Nope. This is a limitation of how the auth[nz] hooks currently work in
> > httpd-2.0. We will be looking into that. Someday.
>
> Alternative to waiting: export the repository twice (two location
> blocks).
> Once with mod_authz_svn set up, and once with:
>
> <LimitExcept OPTIONS GET PROPFIND REPORT>
> Deny from All
> </LimitExcept>
>
>
> Sander
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
Developer of Java Gui Builder
http://jgb.sourceforge.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by John Locke <ma...@freelock.com>.
Sander Striker wrote:
>>>From: Francois Beausoleil [mailto:fbos@users.sourceforge.net]
>>>Sent: Saturday, August 23, 2003 6:13 PM
>>>
>>>
>>>Would someone be so kind as to help me out ? I created a user named
>>>anonymous with no password. But, when I browse the repository, I still
>>>have to say that I am anonymous.
>>>
>>>
>>That's why you needed to create the anonymous account and publish the
>>password.
>>
>>
>>
>>>Can this be prevented ?
>>>
>>>
>>Nope. This is a limitation of how the auth[nz] hooks currently work in
>>httpd-2.0. We will be looking into that. Someday.
>>
>>
What about using mod_auth_anon? Set up an anonymous user that doesn't
require a password, but does require them to type in the name... then
use the name in mod_authz_svn?
Question about this: the Apache manual for authentication modules states
that they're applied in the order specified in modules.c. In a
pre-compiled Apache without the sources, how can I determine the
sequence that's been compiled in? Is there any run-time command I can use?
Cheers,
John Locke
http://freelock.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Sander Striker <st...@apache.org>.
> From: Sander Striker [mailto:striker@apache.org]
> Sent: Saturday, August 23, 2003 6:19 PM
> > From: Francois Beausoleil [mailto:fbos@users.sourceforge.net]
> > Sent: Saturday, August 23, 2003 6:13 PM
>
> > Hi !
> >
> > I was searching for information on how to setup anonymous browsing, and
> > no mention of it is made in the book. The
> > http://svn.collab.net/repos/svn/trunk/subversion/mod_authz_svn/INSTALL
> > mentions that we need a dummy anonymous account, but I could not find any
> > more information about that.
> >
> > Would someone be so kind as to help me out ? I created a user named
> > anonymous with no password. But, when I browse the repository, I still
> > have to say that I am anonymous.
>
> That's why you needed to create the anonymous account and publish the
> password.
>
> > Can this be prevented ?
>
> Nope. This is a limitation of how the auth[nz] hooks currently work in
> httpd-2.0. We will be looking into that. Someday.
Alternative to waiting: export the repository twice (two location blocks).
Once with mod_authz_svn set up, and once with:
<LimitExcept OPTIONS GET PROPFIND REPORT>
Deny from All
</LimitExcept>
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Apache/mod_authz_svn configuration for anonymous repository browsing
Posted by Sander Striker <st...@apache.org>.
> From: Francois Beausoleil [mailto:fbos@users.sourceforge.net]
> Sent: Saturday, August 23, 2003 6:13 PM
> Hi !
>
> I was searching for information on how to setup anonymous browsing, and
> no mention of it is made in the book. The
> http://svn.collab.net/repos/svn/trunk/subversion/mod_authz_svn/INSTALL
> mentions that we need a dummy anonymous account, but I could not find any
> more information about that.
>
> Would someone be so kind as to help me out ? I created a user named
> anonymous with no password. But, when I browse the repository, I still
> have to say that I am anonymous.
That's why you needed to create the anonymous account and publish the
password.
> Can this be prevented ?
Nope. This is a limitation of how the auth[nz] hooks currently work in
httpd-2.0. We will be looking into that. Someday.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org