https, AuthzSVNAccessfile and Basic Authen

[Edward Bosco <eb...@prologic-inc.com>]

Have used the same Authz and htpasswd users file for both an http://
access method, which works, and an https:// site, which doesn't.

The goal is implementing path-based authorization using https SSL
protocol, with Basic authentication on an htpasswd-generated users file,
with path-based authorization defined by an AuthzSVNAccess file. 

Can't get particular paths to _not_ be accessible under https,
AuthzSVNAccess and Basic authentication. I log into the site once, with
username and password, and am not challenged again.  

With svn 1.3.1 on a Windows XP machine, accessing an existing repository
on a Debian Sarge server running 1.3.1-2, I can't keep
a test user from accessing directories or files they ought not to be
able to access.

Using a command line invocation of svn:
C:\Documents and Settings\ebosco>svn ls
https://reatss.prologic-inc.com/svn2/testrepo/core 
--username test --password test --no-auth-cache 
I still get a listing of a directory I ought not see; same holds for svn
log, cat or whatever.

My dav_svn.conf file looks like:

<Location /svn2>
  DAV svn
  SVNPath /var/repos/repos/testrepo
  SVNPathAuthz on
  AuthType Basic
  AuthUserFile /etc/apache2/users
  AuthName "Test Repository"
  AuthzSVNAccessFile /etc/apache2/authz
  Require valid-user
</Location>  

My authz file looks like:

[groups]
reatssdvp = ebosco, kwest
testdvp = test

[/]
* = r

[/simulations/ebosco]
* =  
ebosco = rw 


[/readme.txt]
* =  
@reatssdvp = rw 

[/simulations/readme.txt]
* =  
ebosco = rw 

[/components]
* =  

[testrepo:/core]
ebosco = rw 
* =   

[/simulations]
* =   
@reatssdvp = rw 

==
Any thoughts as how to proceed? 
________________________________________





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org