You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Schadler,Gerald F - JHSS" <gf...@bpa.gov> on 2005/11/01 20:53:40 UTC

Subversion & Apache configuration with Windows Authentication

Need some help here.  I think I have everything configured correctly,
but I can't seem to get the per-directory access control to work.
 
I can get Apache and Subversion configured to where it will do a windows
authentication, but then everyone has read/write access to all the
repositories.  See config file below.
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
<Location /svn>
 
  DAV svn
#  SVNPath /svn/bes
  SVNParentPath /svn
  SVNAutoversioning on
 
# Authentication required
#  require valid-user
 
# Authentication with the Domain Controller
  AuthName "Subversion repository"
  AuthType SSPI
  SSPIAuth on
  SSPIAuthoritative On
  SSPIDomain PDX
  SSPIOfferBasic On
#  SSPIOmitDomain On
 
# our access control policy enforced by mod_authz_svn
#  AuthzSVNAccessFile "c:/svn/conf/svnaccess.conf"
 
</Location>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
When I try to use the access file for authentication with windows, I get
a 401 Authorization required.  Here is the location config and access
file:
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
<Location /svn>
 
  DAV svn
#  SVNPath /svn/bes
  SVNParentPath /svn
  SVNAutoversioning on
 
# Authentication required
  require valid-user
 
# Authentication with the Domain Controller
  AuthName "Subversion repository"
  AuthType SSPI
  SSPIAuth on
  SSPIAuthoritative On
  SSPIDomain PDX
  SSPIOfferBasic On
#  SSPIOmitDomain On
 
# our access control policy enforced by mod_authz_svn
  AuthzSVNAccessFile "c:/svn/conf/svnaccess.conf"
 
</Location>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
Access File:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
######################################################################
  Define Group Names and Members
######################################################################
[groups]
svnadmin = PDX\sysadmin1
testusers =  PDX\testuser
 
######################################################################
  Define Repository Write and Read Members
######################################################################
bes-write = @svnadmin
bes-read = @testusers
 
pisces-write = @svnadmin
pisces-read = @testusers
 
repos-write = @svnadmin
repos-read = @testusers
 
######################################################################
  Define Repository Access Permissions
######################################################################
[/]
* = r
PDX\svnadmin = rw
 

[bes:/]
@bes-write = rw
@bes-read = r
 
[pisces:/]
@pisces-write = rw
@pisces-read = r
BUD\testuser2 = rw
 
[repos:/]
@repos-write = rw
@repos-read = r
BUD\testuser3 = rw
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++
 
Any help on this would be greatly appreciated.
 
Thanks,
 
Jerry Schadler
Bonneville Power Administration
Web Server Administrator
Email: gfschadler@bpa.gov
Pager: 5033478677@vtext.com
Desk: (360) 418-2184
Cell: (503) 347-8677