Hi, I'm running Apache 2.2.3 on RHEL 5.5. The server is used as a Subversion server. Subversion is at version 1.6.16 and accessed using TortoiseSVN 1.6.15.
I use global read access to our repositories and authenticate repo updates using Kerberos. I'm now trying to limit both read and write access to a subdirectory within a repository to a group of users. To do this I've added a second Location statement to httpd.conf, which I was hoping would cause access to the subdirectory in question to be authenticated. However - Although I am prompted for a userid / password when the subdirectory in question is accessed the Apache log files shows the request as anonymous. When using one Location statement and authenticating updates only all works well and Apache logs show the userid when the repo in question is accessed. Bit at my wits end here - Have tried Allow / Deny / Satisfy / Require combinations to no avail - Any help would be greatly appreciated. My config files : ### ## # Subversion.conf <Location /svn> DAV svn SVNPathAuthz off SVNParentPath /var/www/svn <LimitExcept GET PROPFIND OPTIONS REPORT> Include /etc/httpd/conf/My_krb5_auth.conf </LimitExcept> AuthzSVNAccessFile /etc/httpd/conf/SVNAccessFileAAA </Location> <Location /svn/REPO/SUBDIR> ( This is the one I want to limit ) DAV svn SVNPathAuthz off SVNParentPath /var/www/svn <Limit All> Include /etc/httpd/conf/My_krb5_auth.conf </Limit> AuthzSVNAccessFile /etc/httpd/conf/SVNAccessFileBBB </Location> ### ## # /etc/httpd/conf/SVNAccessFileAAA [REPO:/] * = r user...@mydomain.com = rw /etc/httpd/conf/SVNAccessFileBBB [REPO:/] user...@mydomain.com = rw In addition to the above 2 SVNAccessFiles I have also tried the following in a single file with one Location statement ( first one above ) : [REPO:/] * = r user...@mydomain.com = rw [REPO:/SUBDIR] user...@mydomain.com = rw ### ## # /etc/httpd/conf/My_krb5_auth.conf AuthName "Active Directory Login" AuthType Kerberos Krb5Keytab /etc/httpd/conf/keytab KrbAuthRealms MYREALM.COM KrbVerifyKDC Off KrbMethodNegotiate Off KrbSaveCredentials Off Require valid-user It APPEARS to me that the fact that there are two Location statements causes the issue ( ' empty ' userid in Apache log even though prompted for userid / password ) in conjunction with the global read. Please be gentle - Obviously no great master of Apache & tend to figure things out as needed - but this one has me stumped. Thanks ! Sean
<<image/jpeg>>
