You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Hermann Voßeler <he...@baaderbank.de> on 2004/03/30 09:59:04 UTC

mod_authz_svn + ssl + certificates doesn't work?

Hello,

first of all -- thanks for Subversion!!!


My apologies if this is a FAQ.
Am I doing something wrong (or is this a known problem)?

I have configured Subversion for acces via Apache and SSL.
I use Certificates for authentication. The Certificates are
signed by a "home made" CA. Works fine this far.

But -- mod_authz_svn seems to be not operative at all.
No access restrictions apply.

At the moment, I add basic auth (via htpasswd file),
the access restrictions defined for mod_authz_svn apply as well.

But I don't want to be forced to set up a htpasswd file and
to manage additional logins and passwords. We plan to integrate
the svn access into a PKI in near future.
I know it is possible to realize access restrictions based on
the DN of the Certificates, but this is rather cumbersome and
not easy to maintain.

-------------------------inside-SSL-virtual-host--------------
SSLVerifyClient require
SSLVerifyDepth 1

<Location /svn/Test>
     DAV svn
     SVNPath /home/svn/Test

         AuthzSVNAccessFile /etc/httpd/conf.d/subversion.access
         SSLRequireSSL
         SSLUserName SSL_CLIENT_S_DN_CN
         SSLOptions +StdEnvVars
#        Require valid-user
#        AuthType Basic
#        AuthName "Subversion"
#        AuthUserFile /etc/httpd/conf.d/subversion.user
#        SSLOptions +FakeBasicAuth
#        satisfy all
</Location>
-------------------------inside-SSL-virtual-host--------------

At the moment I add the statements commented out, the
access rules defined in "subversion.access" are honored.

Btw: I am using ssl_user_module by Martin v. Loewis in order
to avoid "(no author)" in Log messages. Works fine.
Thanks to Martin!


-- 


Hermann Vosseler



---------------------------------------------------------------
Hermann Voßeler
IT/Developement
Baader Wertpapierhandelsbank AG
Weihenstephaner Straße 4
D-85716 Unterschleißheim
eMail: hermann.vosseler@baaderbank.de
Internet: www.baaderbank.de
---------------------------------------------------------------



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org