You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Hermann Voßeler <he...@baaderbank.de> on 2004/03/30 09:59:04 UTC
mod_authz_svn + ssl + certificates doesn't work?
Hello,
first of all -- thanks for Subversion!!!
My apologies if this is a FAQ.
Am I doing something wrong (or is this a known problem)?
I have configured Subversion for acces via Apache and SSL.
I use Certificates for authentication. The Certificates are
signed by a "home made" CA. Works fine this far.
But -- mod_authz_svn seems to be not operative at all.
No access restrictions apply.
At the moment, I add basic auth (via htpasswd file),
the access restrictions defined for mod_authz_svn apply as well.
But I don't want to be forced to set up a htpasswd file and
to manage additional logins and passwords. We plan to integrate
the svn access into a PKI in near future.
I know it is possible to realize access restrictions based on
the DN of the Certificates, but this is rather cumbersome and
not easy to maintain.
-------------------------inside-SSL-virtual-host--------------
SSLVerifyClient require
SSLVerifyDepth 1
<Location /svn/Test>
DAV svn
SVNPath /home/svn/Test
AuthzSVNAccessFile /etc/httpd/conf.d/subversion.access
SSLRequireSSL
SSLUserName SSL_CLIENT_S_DN_CN
SSLOptions +StdEnvVars
# Require valid-user
# AuthType Basic
# AuthName "Subversion"
# AuthUserFile /etc/httpd/conf.d/subversion.user
# SSLOptions +FakeBasicAuth
# satisfy all
</Location>
-------------------------inside-SSL-virtual-host--------------
At the moment I add the statements commented out, the
access rules defined in "subversion.access" are honored.
Btw: I am using ssl_user_module by Martin v. Loewis in order
to avoid "(no author)" in Log messages. Works fine.
Thanks to Martin!
--
Hermann Vosseler
---------------------------------------------------------------
Hermann Voßeler
IT/Developement
Baader Wertpapierhandelsbank AG
Weihenstephaner Straße 4
D-85716 Unterschleißheim
eMail: hermann.vosseler@baaderbank.de
Internet: www.baaderbank.de
---------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org