2011/6/9 Pier-Luc Petitclerc <p...@fusi0n.org>: > The problem I have with that is related to the user authentication. I have > read that mixed authentication (anonymous vs "registered") is possible with > authz and that's what I tried implementing.
Read The Book [1], as well as HTTPD manuals. [2] 1) To mix anonymous and non-anonymous auth (i.e. allow read-only svn access for anons) you configure different access rules for different HTTP methods. I.e. GET etc. will go without authentication, but REPORT, PUT, ... will require authentication. [1] has an example. 2) "Satisfy Any" is wrong. You should be careful with it. (If you have Allow/Deny statements elsewhere it will be enough to satisfy auth requirements). See [2] and you'd better configure "Satisfy All". [1]: http://svnbook.red-bean.com/ [2]: http://httpd.apache.org/docs/ > > However, the problem I'm having now is that Apache does not ask users for > credentials presumably due to the "Satisfy Any" statement. Unless I am > mistaken, that is how Authz work - to grab usernames off Apache's > authentication and associate it with the ACL specified in > AuthzSVNAccessFile... well, that's not working. I've tried many combinations > to no avail... so is there someone who has configured something similar? > You can configure an access log and look there for what requests and responses are. When apache requests auth it is HTTP response code 401. Best regards, Konstantin Kolinko
