You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Kasia Trapszo <kt...@tickets.com> on 2004/07/22 21:55:42 UTC

Question on ntlm..

I have configured apache2 with mod_dav and Apache-AuthenNTLM which works
fine.. the problem I have is trying to use AuthzSVNAccessFile.

If I configure the file to 

[/]
* = 

It works fine.. gives everyone access, but trying to add users and it
always fails "authorization required"


My apache config: 

<Location /rep>
   DAV svn
   SVNPath /repos/rep
                                                                                                                                 
   PerlAuthenHandler Apache::AuthenNTLM
   AuthType ntlm,basic
   AuthName "Repository"
   PerlAddVar ntdomain "NTDOM TICKETS-PDC"
   PerlSetVar defaultdomain NTDOM
   PerlSetVar ntlmdebug 0
                                                                                                                                 
   Require valid-user
                                                                                                                                 
   AuthzSVNAccessFile  /repos/rep/conf/authfile
</Location>


The authfile:

[/]
ntdom\\ktrapszo = rw


(I tried it w/o the domain name in there, just ktrapszo as well and it
also fails). 


From apache log:
[Thu Jul 22 14:50:15 2004] [error] [client 10.1.1.1] Access denied:
'ntdom\\ktrapszo' GET rep:/


Has anyone done this succesfully? Is it the \\ in username that's
causing the issue? How can I get around it? 

I searched the mailing list archive and it wasn't helpful.. 

Thanks! 

-- 
Kasia Trapszo <kt...@tickets.com> 
Software Engineer - Tickets.com

office: 203-741-3028      cell: 860-916-8179
aim: kasiachick            yim: kasiachick

     Telepathy available upon request


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Question on ntlm..

Posted by Kasia Trapszo <kt...@tickets.com>.

Nevermind.. I answered my own question, the perl module is capable of
returning the username w/o the domain prefix.

PerlSetVar splitdomainprefix 1 

Fixes this issue.

Now if only this could work for commits.. has anyone been able to do
that? 

k.


On Thu, 2004-07-22 at 17:55, Kasia Trapszo wrote:
> I have configured apache2 with mod_dav and Apache-AuthenNTLM which works
> fine.. the problem I have is trying to use AuthzSVNAccessFile.
> 
> If I configure the file to 
> 
> [/]
> * = 
> 
> It works fine.. gives everyone access, but trying to add users and it
> always fails "authorization required"
> 
> 
> My apache config: 
> 
> <Location /rep>
>    DAV svn
>    SVNPath /repos/rep
>  
> 
>    PerlAuthenHandler Apache::AuthenNTLM
>    AuthType ntlm,basic
>    AuthName "Repository"
>    PerlAddVar ntdomain "NTDOM TICKETS-PDC"
>    PerlSetVar defaultdomain NTDOM
>    PerlSetVar ntlmdebug 0
>  
> 
>    Require valid-user
>  
> 
>    AuthzSVNAccessFile  /repos/rep/conf/authfile
> </Location>
> 
> 
> The authfile:
> 
> [/]
> ntdom\\ktrapszo = rw
> 
> 
> (I tried it w/o the domain name in there, just ktrapszo as well and it
> also fails). 
> 
> 
> >From apache log:
> [Thu Jul 22 14:50:15 2004] [error] [client 10.1.1.1] Access denied:
> 'ntdom\\ktrapszo' GET rep:/
> 
> 
> Has anyone done this succesfully? Is it the \\ in username that's
> causing the issue? How can I get around it? 
> 
> I searched the mailing list archive and it wasn't helpful.. 
> 
> Thanks! 
-- 
Kasia Trapszo <kt...@tickets.com> 
Software Engineer - Tickets.com

office: 203-741-3028      cell: 860-916-8179
aim: kasiachick            yim: kasiachick

     Telepathy available upon request


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Question on ntlm..

Posted by Kasia Trapszo <kt...@tickets.com>.

I was able to fix the perl module so now it works.. I'll email the
module's author with my change.

k.


On Fri, 2004-07-23 at 09:55, Seth Falcon wrote:
> On Thu, Jul 22, 2004 at 05:55:42PM -0400, Kasia Trapszo wrote:
> > I have configured apache2 with mod_dav and Apache-AuthenNTLM which
> works
> > fine.. the problem I have is trying to use AuthzSVNAccessFile.
> 
> [snip]
> 
> > Has anyone done this succesfully? Is it the \\ in username that's
> > causing the issue? How can I get around it? 
> 
> We are using mod_ntlm for authentication against Windows domain
> controllers.  We are not using any Perl modules.  If you want details
> let me know.
> 
> + seth
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
-- 
Kasia Trapszo <kt...@tickets.com> 
Software Engineer - Tickets.com

office: 203-741-3028      cell: 860-916-8179
aim: kasiachick            yim: kasiachick

     Telepathy available upon request


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Question on ntlm..

Posted by Seth Falcon <sf...@fhcrc.org>.

On Thu, Jul 22, 2004 at 05:55:42PM -0400, Kasia Trapszo wrote:
> I have configured apache2 with mod_dav and Apache-AuthenNTLM which works
> fine.. the problem I have is trying to use AuthzSVNAccessFile.

[snip]

> Has anyone done this succesfully? Is it the \\ in username that's
> causing the issue? How can I get around it? 

We are using mod_ntlm for authentication against Windows domain
controllers.  We are not using any Perl modules.  If you want details
let me know.

+ seth


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Question on ntlm..

Posted by Kasia Trapszo <kt...@tickets.com>.

Thanks for your reply.
(I was able to make the module just provide the username with the domain
stripped).

Now given that you have this working.. are you able to commit using this
setup? I haven't been able to do that. 

k.



On Thu, 2004-07-22 at 19:12, Felix Collins wrote:
> > I have configured apache2 with mod_dav and Apache-AuthenNTLM which
> works
> > fine.. the problem I have is trying to use AuthzSVNAccessFile.
> > 
> > If I configure the file to 
> > 
> > [/]
> > * = 
> 
> Shouldn't that be
> [/]
> * = rw
> 
> > 
> > [/]
> > ntdom\\ktrapszo = rw
> > 
> 
> try
> 
> NTDOM\ktrapszo = rw
> 
> 
> Thats what works on our setup.
> 
> HTH,
> Felix
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
-- 
Kasia Trapszo <kt...@tickets.com> 
Software Engineer - Tickets.com

office: 203-741-3028      cell: 860-916-8179
aim: kasiachick            yim: kasiachick

     Telepathy available upon request


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Question on ntlm..

Posted by Felix Collins <fe...@keyghost.com>.

> I have configured apache2 with mod_dav and Apache-AuthenNTLM which works
> fine.. the problem I have is trying to use AuthzSVNAccessFile.
> 
> If I configure the file to 
> 
> [/]
> * = 

Shouldn't that be
[/]
* = rw

> 
> [/]
> ntdom\\ktrapszo = rw
> 

try

NTDOM\ktrapszo = rw


Thats what works on our setup.

HTH,
Felix

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org