You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Nitin Shukla <ni...@infotech.stph.net> on 2002/12/20 07:09:54 UTC

How Apache authenticates against webdav requests?

Hello,

I am interested to find the flow control for  user  Authentication by Apache
server when it receives the WebDav Delta V requests. Assuming that the
mod_dav module is up and running with the httpd 2.0, will a webdav/http
request be passed on to the mod_dav module which in turn calls the
"mod_auth_db" for  user  authentication or the webdav/http request is passed
on the mod_auth_db for authentication before sending to the request to
"mod_dav" for interpretation. Can "mod_auth_db" authenticate  user against
the webdav/http request?

Cheers,
Nitin.

Re: How Apache authenticates against webdav requests?

Posted by Ben Collins-Sussman <su...@collab.net>.

"Nitin Shukla" <ni...@infotech.stph.net> writes:

> I am interested to find the flow control for  user  Authentication by Apache
> server when it receives the WebDav Delta V requests. Assuming that the
> mod_dav module is up and running with the httpd 2.0, will a webdav/http
> request be passed on to the mod_dav module which in turn calls the
> "mod_auth_db" for  user  authentication or the webdav/http request is passed
> on the mod_auth_db for authentication before sending to the request to
> "mod_dav" for interpretation. Can "mod_auth_db" authenticate  user against
> the webdav/http request?

You need to read about how authentication works in general for Apache.

mod_dav and mod_dav_svn don't do authentication at all; they merely
serve the resources.  Instead, we set up our <Location> blocks like
this (as described in the svn book, and in the INSTALL file):

<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /path/to/users/file
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

This setup has mod_auth doing the authentication, using HTTP "basic"
auth against a specific AuthUserFile.  An apache module can choose to
'hook' into the request process at any point: mod_auth attaches to
apache's authentication hook, and mod_dav attaches to apache's
resource-serving hook.

The apache documentation can explain this in more detail.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org