You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Howard Vanfleet <va...@ldschurch.org> on 2006/06/21 21:50:44 UTC
Multiple authentication methods
I am trying to set up my Subversion server to be able to authenticate users
first through apaches AuthUserFile method
Example:
<Location /svn>
Dav svn
SVNParentPath /opt/ldssvn/svn
AuthzSVNAccessFile /etc/apache2/access.list
Require valid-user
AuthType Basic
AuthName "Apache Authentication"
AuthUserFile /etc/apache2/user.list
SSLRequireSSL
</Location>
and if this fails I want it to authenticate using LDAP
Example:
<Location /svn>
DAV svn
SVNParentPath /opt/ldssvn/svn
AuthType Basic
AuthName "LDAP Authentication"
AuthLDAPUrl ldaps://<server name and port>/ou=people,o=WWR?cn SSL
AuthLDAPBindDN cn=LDAP-Subversion,ou=NDA,o=WWR
AuthLDAPBindPassword subversion
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
require valid-user
AuthzSVNAccessFile /etc/apache2/access.list
SSLRequireSSL
</Location>
Dose anyone have an example of how to set up the subversion.conf file to allow
this scenario?
thanks,
Howard
------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the
intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email
and destroy all copies of the original message.
------------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Multiple authentication methods
Posted by John Stile <jo...@meyersound.com>.
It seems like you should use PAM to use 2 different security methods,
though I'm not sure about some of the details.
The apache config might look like this:
<Location /rogers>
DAV svn
SVNPath /opt/ldssvn/svn
AuthzSVNAccessFile /opt/ldssvn/svn/acls/reposiotry.acl
SVNIndexXSLT "/apache2-default/svnindex.xsl"
Require valid-user
AuthType Basic
AuthName "Authentication"
AuthPAM_Enabled on
</Location>
Once PAM is handling authentication, you can stack auth methods. I
think htpasswd files can be parsed by pwfile ( REFERENCE:
http://cpbotha.net/pam_pwdfile.html ), and pam_ldap can authenticat ldap
users.
Your /etc/pam.d/apache2 might look like, but I always have to debug this
part to get it right.
auth sufficient pam_pwdfile.so pwdfile /etc/apache2/access.list
auth required pam_ldap.so no_warn use_first_pass
account sufficient pam_pwdfile.so pwdfile /etc/apache2/access.list
account required pam_ldap.so no_warn use_first_pass
On Wed, 2006-06-21 at 15:50 -0600, Howard Vanfleet wrote:
> I am trying to set up my Subversion server to be able to authenticate users
> first through apaches AuthUserFile method
>
> Example:
> <Location /svn>
> Dav svn
> SVNParentPath /opt/ldssvn/svn
> AuthzSVNAccessFile /etc/apache2/access.list
> Require valid-user
> AuthType Basic
> AuthName "Apache Authentication"
> AuthUserFile /etc/apache2/user.list
> SSLRequireSSL
> </Location>
>
> and if this fails I want it to authenticate using LDAP
>
> Example:
> <Location /svn>
> DAV svn
> SVNParentPath /opt/ldssvn/svn
> AuthType Basic
> AuthName "LDAP Authentication"
>
> AuthLDAPUrl ldaps://<server name and port>/ou=people,o=WWR?cn SSL
>
> AuthLDAPBindDN cn=LDAP-Subversion,ou=NDA,o=WWR
> AuthLDAPBindPassword subversion
>
> AuthzLDAPAuthoritative off
> AuthBasicProvider ldap
> require valid-user
>
> AuthzSVNAccessFile /etc/apache2/access.list
> SSLRequireSSL
> </Location>
>
> Dose anyone have an example of how to set up the subversion.conf file to allow
> this scenario?
>
> thanks,
> Howard
>
> ------------------------------------------------------------------------------
>
>
> NOTICE: This email message is for the sole use of the
> intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> ------------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org