Apache 2.2 + Mod_Authnz_External + Subversion AuthUserFile

[Frank Gruman <fg...@verizon.net>]

Hi all,

I am looking at moving my Apache server to 2.2 to keep up with some of 
our other web servers on other products.  One of the big reasons for 
this is the massive change in authentication/authorization, and our 
administration process tries to keep things as close in version as 
possible (we have products getting ready to roll out the door on 2.2).  
I have looked, and cannot find a working PAM module that takes care of 
what I had in 2.0.x.  So I am looking at and testing 
mod_authnz_external.  This links to my PAM configuration.  My users all 
authenticate to an Active Directory structure, and for various other 
reasons I have had to implement Winbind/PAM rather than LDAP.

So the problem - I can get the external authorization to work, but the 
system seems to ignore the AuthzSVNAccessFile for path browsing.  There 
are no errors reported.  It's as if the system is just ignoring my svn 
access file.  Basically - anyone who can authenticate (3000+ employees 
of the company) could access the repository because it is not adhering 
to the rules in the auth file.  The file is readable by the apache user 
(wwwrun).

I have attached a copy of my Apache configuration and auth file.

Any help would be appreciated.

Regards,
Frank

<Location /code>
  DAV svn
  SVNParentPath /code_repos
  SVNIndexXSLT /svnindex.xsl
  SVNListParentPath on
  AuthType Basic
  AuthBasicProvider external
  AuthExternal pwauth
  AuthName "Micros Code Repository"
  AuthzSVNAccessFile /code_repos/access.list
  satisfy all
  require valid-user

</Location>





[groups]
sysadmin = fgruman
myreposdevs = empty
myreposmgr = empty
myreposadmin = empty

[myrepos:/]
@myreposdevs     = rw
@myreposmgr      = rw
@myreposadmin    = rw




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org