On Mon, Oct 08, 2012 at 09:29:48AM -0700, Damon Wischik wrote: > I have some usernames which contain the '=' character, and I can't > figure out how to refer to them in the authz file. > > I'm using Apache2 to serve a subversion repository, and I'm using > client certificates with FakeBasicAuth. This means that a user has to > provide a client certificate, and Apache takes the subject line of the > certificate, and uses that as the username. For example, a username > might be "/CN=Damon Wischik". > > I've tried all the ways of escaping/quoting I can think of (single > quotes, double quotes, backtick, double the equal sign, \=), but all > of them lead to an Apache error message like "Failed to load the > AuthzSVNAccessFile: The character 'D' in rule '/CN' is not allowed in > authz rules". > > I've seen some previous questions here about "How do I escape @ in > authz?" and "How do I escape [] in authz?" but no answer apart from a > discussion about patching which was beyond me. > > Slightly off-topic -- if I can't have usernames with '=' in authz, > does anyone know how to tell Apache FakeBasicAuth to use something > else for its username, or is there a way to get authz to do username > cleaning/munging before it tests access? > > Thanks, > Damon.
Have you considered setting up aliases as described here? http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html Some authentication systems expect and carry relatively short usernames of the sorts we've been describing here—harry, sally, joe, and so on. But other authentication systems—such as those which use LDAP stores or SSL client certificates—may carry much more complex usernames. For example, Harry's username in an LDAP-protected system might be CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com. With usernames like that, the access file can become quite bloated with long or obscure usernames that are easy to mistype. Fortunately, username aliases allow you to have to type the correct complex username only once, in a statement which assigns to it a more easily digestable alias. [aliases] harry = CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com sally = CN=Sally Swatterbug,OU=Engineers,DC=red-bean,DC=com joe = CN=Gerald I. Joseph,OU=Engineers,DC=red-bean,DC=com
