Re: Viewvc, kerberos and Location directives, an ordering problem?

On 2008Feb05 9:58 , "Todd, David" <dtodd@xxxxxxxxxx> wrote:

> I am trying to use viewvc to let my users browse the code base in our svn
> repositories. We have a number of them.
> 
> Some of them must have restricted access, but at the same time, want to be
> in a hierarchy with others that have a different access group.
> 
> The authentication takes place using kerberos. I doubt that's involved, but
> I mention it just in case.
> 
> This is on an apache 2.0.52 server, on RHEL4.
> 
> I have two locations:
> 
>    <Location ~ "/viewvc/gni/?.*">
>      AllowOverride None
>      AuthType Kerberos
>      AuthGroupFile /svn/conf/htgroup
>      KrbAuthRealms WARDROBE.IROBOT.COM
>      KrbSaveCredentials On
>      KrbVerifyKDC Off
>      KrbAppendRealm Off
>      Krb5Keytab /svn/www/http.keytab
>      KrbServiceName HTTP
>      AuthName "iRobot Subversion Repository"
>      Order deny,allow
>      Satisfy All
>      Require group gniuser
>    </Location>   
> 
>    <Location ~ "/viewvc/gni/res/?.*">
>      AllowOverride None
>      AuthType Kerberos
>      AuthGroupFile /svn/conf/htgroup
>      KrbAuthRealms WARDROBE.IROBOT.COM
>      KrbSaveCredentials On
>      KrbVerifyKDC Off
>      KrbAppendRealm Off
>      Krb5Keytab /svn/www/http.keytab
>      KrbServiceName HTTP
>      AuthName "iRobot Subversion Repository"
>      Order deny,allow
>      Satisfy All
>      Require group res
>    </Location>   
> 
> 
> I have two groups gniuser, and res, which is a subset of gniuser. Everyone
> in res is in gniuser.
> 
> If I have these in the order presented (General, then specific), people on
> the res group have no access at all. If I reverse the order, they have total
> access, like others in gniuser.
> 
> I'm using locations because the actual access is via viewvc, a cgi script.
> 
> How do I set it up so that res can be in the gni directory, but have a
> restricted set of users?
> 
> 
Once more into the breach!

Does anyone have an idea or opinion on what I might do to resolve this
problem?

If I get no answer, I fear I shall have to go bother some developers.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
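
An added example, not part of the thread above: a small Python model of how httpd resolves overlapping `<Location ~>` sections, useful for auditing which `Require` actually guards a URL. It assumes the documented merge rule (matching sections are applied in configuration order and a later `Require` replaces an earlier one) and that the regexes are unanchored; the function names are hypothetical, and Kerberos and the group file are not modelled. It reproduces the second ordering described in the post and does not explain the first.

```python
import re

# Constructed from the two sections quoted in the post: (regex, required group).
GENERAL = (r"/viewvc/gni/?.*", "gniuser")
SPECIFIC = (r"/viewvc/gni/res/?.*", "res")


def matching_sections(sections, url_path):
    """Every section whose regex matches, in configuration order.

    <Location ~ ...> patterns are not anchored, so a match anywhere in the
    path counts; re.search models that (these patterns behave the same under
    POSIX and Python regex syntax).
    """
    return [s for s in sections if re.search(s[0], url_path)]


def effective_group(sections, url_path):
    """Group named by the Require that survives merging, or None."""
    matched = matching_sections(sections, url_path)
    return matched[-1][1] if matched else None


def shadowed(sections, url_path):
    """Sections that match but whose Require is replaced by a later one."""
    return matching_sections(sections, url_path)[:-1]


def audit(sections, paths):
    """Map each path to (effective group, list of overridden groups)."""
    return {
        p: (effective_group(sections, p), [g for _, g in shadowed(sections, p)])
        for p in paths
    }


if __name__ == "__main__":
    # Constructed sample paths, including one that shows the missing ^ anchor.
    paths = ["/viewvc/gni/trunk", "/viewvc/gni/res/trunk", "/x/viewvc/gni/res/"]
    for label, order in (("general, specific", [GENERAL, SPECIFIC]),
                         ("specific, general", [SPECIFIC, GENERAL])):
        print(label)
        for path, (group, overridden) in audit(order, paths).items():
            print(f"  {path}: Require group {group} (overridden: {overridden})")
```

With the specific section first, the `res` requirement is listed as overridden for `/viewvc/gni/res/trunk`, so any `gniuser` member passes authorization there.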

