________________________________
From: "Cooke, Mark" <mark.co...@siemens.com>
To: j s <jbluede...@yahoo.com>; "users@subversion.apache.org"
<users@subversion.apache.org>
Sent: Tuesday, November 15, 2011 10:05 AM
Subject: RE: user access
[We normally bottom-post on this list to make it easier to read in order... See
in-line below]
> > -----Original Message-----
> > From: j s [mailto:jbluede...@yahoo.com]
> > Sent: 15 November 2011 13:29
> > To: users@subversion.apache.org
> > Subject: user access
> >
> > Have svn running on windows/apache and currently dev team
> > accesses svn repo's using http and tortoisesvn
> >
> > They access the repos using their domain credentials set up
> > in apache config.
> >
> > we now have a group of temps that we want to create a new
> > repo for and that they should only access that repo either by
> > using uname/pwd or via domain access.
> >
> > current set up
> >
> > [server name]\c:\svnrepo
> > \product1 ---->[dev accesses this using domain\uname&pwd]
> > \product2 ---->[dev accesses this using domain\uname&pwd]
> > \product3 ---->[dev accesses this using domain\uname&pwd]
> > \temprepo ---->[dev accesses this using domain\uname&pwd ||
> > the temp lackies access it using their uname and pwd only for
> > this repo]
> >
> >
> > Is this set up possible? how would i go about it?
> >
> > am open to changing access type based on best practise
> >
> ________________________________
>
> From: "Cooke, Mark" <mark.co...@siemens.com>
> To: j s <jbluede...@yahoo.com>; "users@subversion.apache.org"
> <users@subversion.apache.org>
> Sent: Tuesday, November 15, 2011 8:51 AM
> Subject: RE: user access
>
> Take a read of the subversion book here:-
>
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
>
> ~ mark c
>
> -----Original Message-----
> From: j s [mailto:jbluede...@yahoo.com]
> Sent: 15 November 2011 14:47
> To: Cooke, Mark; users@subversion.apache.org
> Subject: Re: user access
>
> Mark,
> Looked at the link you provided.
>
> In my apache/conf/httpd.conf file i have the following
...is this in a <Location> or <Directory> etc section?
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain <domaincontroller>
> SSPIOmitDomain on
> SSPIUsernameCase lower
> SSPIPerRequestAuth on
> SSPIOfferBasic On
> AuthType SSPI
> AuthName "Subversion repositories"
> Require valid-user
> Require group "DOMAIN\companyname"
...using SSPI to _authenticate_ the user against Active Directory OK...
NB: also provides basic _authorisation_ by rejecting non-group users.
> DAV svn
> SVNListParentPath on
> SVNParentPath F:\SVN
...sets the path and enables subversion...
> #SVNIndexXSLT "/svnindex.xsl"
...you would use this to provide a nice view of the repository (TortoiseSVN has
a section on this in their help file)...
> #AuthUserFile passwd
...this is for basic http authentication, you can delete this...
> #AuthzSVNAccessFile F:/SVN/auth.conf
...this is the line where you point svn to your file that controls
authorisation (who can access what) but it is commented out?
> Unable to translate the link to sections in the
> apache/conf/httpd.conf file.
>
> appreciate any useful tips.
What exactly do you not understand? Is it the authz file contents (described
on the page linked above) or the apache config?
~ mark c
Also, the following is part of <Location /SVN>
<Location /svn>
SSPIAuth On
SSPIAuthoritative On
SSPIDomain <domaincontroller>
SSPIOmitDomain on
SSPIUsernameCase lower
SSPIPerRequestAuth on
SSPIOfferBasic On
DAV svn
SVNListParentPath on
SVNParentPath F:\SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType SSPI
AuthName "Subversion repositories"
#AuthUserFile passwd
#AuthzSVNAccessFile F:/SVN/auth.conf
Require valid-user
Require group "DOMAIN\companyname"
</Location
