You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Michael Tang <ta...@phy.ccnu.edu.cn> on 2009/09/01 05:23:31 UTC

RE: How to configure SSL on SSPI?

Hello Hohn and Andrey,

Thanks for your help!

Do you mean the <Location> block

<Location /svn>
   DAV svn
   
   SVNPath C:/svnroot

   AuthType SSPI
   AuthName "SVN Server Example"
      
   SSPIAuth On
   SSPIAuthoritative On
   SSPIDomain CORPLEAR
   SSPIOfferBasic Off
   
   AuthzSVNAccessFile C:/svnroot/conf/SSPI-auth-file
   
   Require valid-user   
</Location>

should be moved from httpd.conf to httpd-ssl.conf?

I moved the block to the end of httpd-ssl.conf, and commented out SSPI seting in http.conf. 

The authorization was required when https connection started, but only user name and password are defined in C:/svnroot/conf/HTTP-passwd-file instead of defined in Windows Domain can be used. It means I only access repository by username define in the file,even it was commented out in httpd.conf.

Meanwhile, http can not use authentication with Windows Domain. But it is work before <Location> block moved.

I also tried to diable SSPIOfferBasic, but nothing was happened.

I attached my httpd.conf and httpd-ssl.conf. My subversion version is 1.6.3(r38063), Apach version is 2.2.11. 

Could you please give me more details? Please do not hesitate to correct my mistake or misunderstanding. Thank you very much!

Regards
Michael

Re: How to configure SSL on SSPI?

Posted by Andrey Repin <an...@freemail.ru>.

Greetings, Michael Tang!

> Do you mean the <Location> block

> <Location /svn>
>    DAV svn
   
>    SVNPath C:/svnroot

>    AuthType SSPI
>    AuthName "SVN Server Example"
      
>    SSPIAuth On
>    SSPIAuthoritative On
>    SSPIDomain CORPLEAR
>    SSPIOfferBasic Off
   
>    AuthzSVNAccessFile C:/svnroot/conf/SSPI-auth-file
   
>    Require valid-user   
> </Location>

> should be moved from httpd.conf to httpd-ssl.conf?

> I moved the block to the end of httpd-ssl.conf, and commented out SSPI seting in http.conf. 

It should be placed in proper VirtualHost (if you're using them).
If you do not use VH, and your Apache is configured to serve sole purpose of
being SVN backend, then the location of different blocks is irrelevant.

> The authorization was required when https connection started, but only user
> name and password are defined in C:/svnroot/conf/HTTP-passwd-file instead of
> defined in Windows Domain can be used. It means I only access repository by
> username define in the file,even it was commented out in httpd.conf. 

> Meanwhile, http can not use authentication with Windows Domain. But it is
> work before <Location> block moved. 

> I also tried to diable SSPIOfferBasic, but nothing was happened.

> I attached my httpd.conf and httpd-ssl.conf. My subversion version is
> 1.6.3(r38063), Apach version is 2.2.11. 

For a note: 1080 is a SOCKS PROXY port.
Not a very good idea to use commonly known ports for different purposes.

> Could you please give me more details? Please do not hesitate to correct my
> mistake or misunderstanding. Thank you very much! 

Remove VirtualHost lines from ssl included file (make that section not VHost)
and take off "Listen 1080" from main file.
It should work on https:// connection now.
Also make sure you do not have many Location blocks defining same location in
one configuration. (Yes, all included files considered single configuration


--
WBR,
 Andrey Repin (anrdaemon@freemail.ru) 03.09.2009, <0:22>

Sorry for my terrible english...

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2390431

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].