Hi, On 20/03/15 16:54, Andreas Stieger wrote: > Your configuration requires a password for reading, but everyone (!) can > commit. > This should be the other way around, e.g. > <LimitExcept GET PROPFIND OPTIONS REPORT> > > See https://subversion.apache.org/faq.html#no-author why you have no author > without auth challenge.
I would like to pre-empt Jeff's question brought to me privately: To require authentication for ALL operations, which one can assume is desired for a corporate deployment, simply do not wrap in <Limit> and <LimitExcept> at all, this making the "Require valid-user" requirement effective for all requests. You may refer to the Apache httpd documentation for detail on this. Andreas
