You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Howard Vanfleet <va...@ldschurch.org> on 2006/06/21 21:50:44 UTC

Multiple authentication methods

I am trying to set up my Subversion server to be able to authenticate users
first through apaches AuthUserFile method

Example:
<Location /svn>
        Dav svn
        SVNParentPath /opt/ldssvn/svn
        AuthzSVNAccessFile /etc/apache2/access.list
        Require valid-user
        AuthType Basic
        AuthName "Apache Authentication"
        AuthUserFile /etc/apache2/user.list
        SSLRequireSSL
</Location>

and if this fails I want it to authenticate using LDAP

Example:
<Location /svn>
        DAV svn
        SVNParentPath /opt/ldssvn/svn
        AuthType Basic
        AuthName "LDAP Authentication"

        AuthLDAPUrl ldaps://<server name and port>/ou=people,o=WWR?cn SSL

        AuthLDAPBindDN cn=LDAP-Subversion,ou=NDA,o=WWR
        AuthLDAPBindPassword subversion

        AuthzLDAPAuthoritative off
        AuthBasicProvider ldap
        require valid-user

        AuthzSVNAccessFile /etc/apache2/access.list
        SSLRequireSSL
</Location>

Dose anyone have an example of how to set up the subversion.conf file to allow
this scenario?

thanks,
Howard

------------------------------------------------------------------------------

 
NOTICE: This email message is for the sole use of the
 intended recipient(s) and may contain confidential and
 privileged information. Any unauthorized review, use,
 disclosure or distribution is prohibited. If you are not the
 intended recipient, please contact the sender by reply email
 and destroy all copies of the original message.

------------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Multiple authentication methods

Posted by John Stile <jo...@meyersound.com>.

It seems like you should use PAM to use 2 different security methods,
though I'm not sure about some of the details.
The apache config might look like this:
<Location /rogers>
  DAV svn
  SVNPath /opt/ldssvn/svn
  AuthzSVNAccessFile /opt/ldssvn/svn/acls/reposiotry.acl
  SVNIndexXSLT "/apache2-default/svnindex.xsl"
  Require valid-user
  AuthType Basic
  AuthName "Authentication"
  AuthPAM_Enabled on
</Location>

Once PAM is handling authentication, you can stack auth methods.  I
think htpasswd files can be parsed by pwfile ( REFERENCE:
http://cpbotha.net/pam_pwdfile.html ), and pam_ldap can authenticat ldap
users.  

Your /etc/pam.d/apache2 might look like, but I always have to debug this
part to get it right.
auth       sufficient  pam_pwdfile.so pwdfile /etc/apache2/access.list
auth       required    pam_ldap.so    no_warn use_first_pass
account    sufficient  pam_pwdfile.so pwdfile /etc/apache2/access.list
account    required    pam_ldap.so    no_warn use_first_pass

On Wed, 2006-06-21 at 15:50 -0600, Howard Vanfleet wrote:
> I am trying to set up my Subversion server to be able to authenticate users
> first through apaches AuthUserFile method
> 
> Example:
> <Location /svn>
>         Dav svn
>         SVNParentPath /opt/ldssvn/svn
>         AuthzSVNAccessFile /etc/apache2/access.list
>         Require valid-user
>         AuthType Basic
>         AuthName "Apache Authentication"
>         AuthUserFile /etc/apache2/user.list
>         SSLRequireSSL
> </Location>
> 
> and if this fails I want it to authenticate using LDAP
> 
> Example:
> <Location /svn>
>         DAV svn
>         SVNParentPath /opt/ldssvn/svn
>         AuthType Basic
>         AuthName "LDAP Authentication"
> 
>         AuthLDAPUrl ldaps://<server name and port>/ou=people,o=WWR?cn SSL
> 
>         AuthLDAPBindDN cn=LDAP-Subversion,ou=NDA,o=WWR
>         AuthLDAPBindPassword subversion
> 
>         AuthzLDAPAuthoritative off
>         AuthBasicProvider ldap
>         require valid-user
> 
>         AuthzSVNAccessFile /etc/apache2/access.list
>         SSLRequireSSL
> </Location>
> 
> Dose anyone have an example of how to set up the subversion.conf file to allow
> this scenario?
> 
> thanks,
> Howard
> 
> ------------------------------------------------------------------------------
> 
>  
> NOTICE: This email message is for the sole use of the
>  intended recipient(s) and may contain confidential and
>  privileged information. Any unauthorized review, use,
>  disclosure or distribution is prohibited. If you are not the
>  intended recipient, please contact the sender by reply email
>  and destroy all copies of the original message.
> 
> ------------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org