I am trying to use viewvc to let my users browse the code base in our svn
repositories. We have a number of them.
Some of them must have restricted access, but at the same time, want to be
in a hierarchy with others that have a different access group.
The authentication takes place using kerberos. I doubt that's involved, but
I mention it just in case.
This is on an apache 2.0.52 server, on RHEL4.
I have two locations:
<Location ~ "/viewvc/gni/?.*">
AllowOverride None
AuthType Kerberos
AuthGroupFile /svn/conf/htgroup
KrbAuthRealms WARDROBE.IROBOT.COM
KrbSaveCredentials On
KrbVerifyKDC Off
KrbAppendRealm Off
Krb5Keytab /svn/www/http.keytab
KrbServiceName HTTP
AuthName "iRobot Subversion Repository"
Order deny,allow
Satisfy All
Require group gniuser
</Location>
<Location ~ "/viewvc/gni/res/?.*">
AllowOverride None
AuthType Kerberos
AuthGroupFile /svn/conf/htgroup
KrbAuthRealms WARDROBE.IROBOT.COM
KrbSaveCredentials On
KrbVerifyKDC Off
KrbAppendRealm Off
Krb5Keytab /svn/www/http.keytab
KrbServiceName HTTP
AuthName "iRobot Subversion Repository"
Order deny,allow
Satisfy All
Require group res
</Location>
I have two groups gniuser, and res, which is a subset of gniuser. Everyone
in res is in gniuser.
If I have these in the order presented (General, then specific), people on
the res group have no access at all. If I reverse the order, they have total
access, like others in gniuser.
I'm using locations because the actual access is via viewvc, a cgi script.
How do I set it up so that res can be in the the gni directory, but have a
restricted set of users?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|