Hi Konstantin, Thanks for your reply! I ended up settling for black-and-white access for WebSVN, manually hiding private repositories
This is what I ended up doing: <VirtualHost *:80> > ServerAdmin p...@fusi0n.org > ServerName svn.eratech.ca > DocumentRoot /usr/share/websvn > DirectoryIndex wsvn.php > Alias /templates /usr/share/websvn/templates > Alias / /usr/share/websvn/wsvn.php/ > <Directory /usr/share/websvn> > Options -Indexes +FollowSymlinks +MultiViews > #Require valid-user > #Satisfy Any > #AuthType Digest > #AuthName "Subversion Repositories" > #AuthUserFile /var/repos/.svnpasswd.htdigest > #AuthzSVNAccessFile /var/repos/.svnpasswd > </Directory> > </VirtualHost> > > NameVirtualHost *:443 > <VirtualHost *:443> > ServerAdmin p...@fusi0n.org > ServerName svn.eratech.ca > SSLEngine on > SSLCertificateFile /etc/ssl/svn.eratech.ca.crt > SSLCertificateKeyFile /etc/ssl/svn.eratech.ca.key > SSLCertificateChainFile /etc/ssl/PositiveSSL.ca-bundle > <Location /> > DAV svn > SVNListParentPath on > SVNParentPath /var/repos > AuthzSVNAccessFile /var/repos/.svnpasswd > Satisfy Any > Require valid-user > AuthType Digest > AuthName "Subversion Repositories" > AuthUserFile /var/repos/.svnpasswd.htdigest > SSLRequireSSL > </Location> > </VirtualHost> > On Thu, Jun 9, 2011 at 3:32 AM, Konstantin Kolinko <knst.koli...@gmail.com>wrote: > 2011/6/9 Pier-Luc Petitclerc <p...@fusi0n.org>: > > The problem I have with that is related to the user authentication. I > have > > read that mixed authentication (anonymous vs "registered") is possible > with > > authz and that's what I tried implementing. > > Read The Book [1], as well as HTTPD manuals. [2] > > 1) To mix anonymous and non-anonymous auth (i.e. allow read-only svn > access for anons) you configure different access rules for different > HTTP methods. I.e. GET etc. will go without authentication, but > REPORT, PUT, ... will require authentication. [1] has an example. > > 2) "Satisfy Any" is wrong. You should be careful with it. (If you have > Allow/Deny statements elsewhere it will be enough to satisfy auth > requirements). > See [2] and you'd better configure "Satisfy All". > > [1]: http://svnbook.red-bean.com/ > [2]: http://httpd.apache.org/docs/ > > > > > However, the problem I'm having now is that Apache does not ask users for > > credentials presumably due to the "Satisfy Any" statement. Unless I am > > mistaken, that is how Authz work - to grab usernames off Apache's > > authentication and associate it with the ACL specified in > > AuthzSVNAccessFile... well, that's not working. I've tried many > combinations > > to no avail... so is there someone who has configured something similar? > > > You can configure an access log and look there for what requests and > responses are. When apache requests auth it is HTTP response code 401. > > Best regards, > Konstantin Kolinko > -- - pL No trees were killed to send this message, but a large number of electrons were terribly inconvenienced.
