Re: Troubles with VirtualHost configuration: never asked for password

Tue, 12 Jan 2010 17:40:35 -0800 

Greetings, Will Scheidegger!

> I'm having a hard time configuring my virtual host to restrict access to my
> subversion repository. This is what my conf looks like:

> #Virtual Host Configuration

> <VirtualHost w.x.y.z:80>
>         ServerName svn.domain.com

>         <Location /svn/myproject>
>                 Order Allow,Deny
>                 Allow from all
        
>                 DAV svn
>                 SVNPath /usr/local/svn/myproject
>                 AuthType Basic
>                 AuthName "Subversion Repository"
>                 AuthUserFile /etc/subversion/passwd
>                 Require valid-user
>         </Location>
> </VirtualHost>


> Without the "Order Allow,Deny" + "Allow from all" directive the default
> virtual host configuration takes over and access is denied ("Server sent
> unexpected return value (403 Forbidden) in response to OPTIONS request...").
> But with the directives I'm never asked for a password. According to all the
> manuals I consulted on the web, this setup _should_ challenge the user for a
> password (stored in /etc/subversion/passwd). Do I need to configure
> something else, i.e. modify stuff in /usr/local/svn/myproject/conf?

Try running svn command with --no-auth-cache switch.
Not really see what's wrong with your setup...
For a convenience, here's my own configuration of authorization block (It
using SSPI module, however, you have to replace relevant directives by ones
suitable for your auth scheme):

<VirtualHost *>
    ServerName svn.mydomain.local
    ServerAlias svn.example.org

    DocumentRoot "C:/home/svn"
    AddDefaultCharset utf-8

    ErrorLog "C:/home/svn/.log/error_log"
    CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
    CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION

    <IfModule rewrite_module>
# some private stuff here to make all things to work straight
    </IfModule>

    <Location "/">
        Order allow,deny
# Limit access to single local IP
# unless we have working authorization scheme
        Allow from 192.168.1.10

        <IfModule dav_svn_module>
            DAV svn
            SVNParentPath "C:/home/svn"
        </IfModule>

        <IfModule sspi_auth_module>
            Allow from all

            AuthName "Subversion repository"
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative On
            SSPIOfferBasic On
            SSPIOmitDomain On
            SSPIUsernameCase lower
            SSPIBasicPreferred Off

            # only developers may access the repository
            Require group "EXAMPLE\CVS"

            # And they should obey to SVN user permissions file
            <IfModule authz_svn_module>
                AuthzSVNAccessFile "C:/home/svn/.registry"
            </IfModule>
        </IfModule>
    </Location>
</VirtualHost>


--
WBR,
 Andrey Repin (anrdae...@freemail.ru) 13.01.2010, <4:28>

Sorry for my terrible english...

Reply via email to