|
I tried something very similar with Subversion on
an Apache 2.2.9 server. In our case however, we were trying to use both
the SSPI authentication and htpasswd-style password file. According to
some docs, it should work with Apache 2.0. But I couldn't get it to
work with Apache 2.2. See: http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/help-onepage.html#tsvn-serversetup-apache-6 In the end, I concluded that it could not be done, because the SSPI module is not designed to work with the updated authentication/authorisation architecture introduced in Apache 2.2. However, I have succeeded in getting LDAP and password file authentication working together on Apache 2.2. (Note that LDAP just uses Basic auth protocol between server and browser, unlike SSPI which uses some other type of auth protocol. I don't know anything about Centrify.) So, the question is, is the Centrify module designed to work properly in the Apache 2.2 authentication/authorisation architecture? That's a question Centrify should be able to answer. Regards, Craig McQueen Éibhear wrote: Hi, I hope you can help me. I am using apache Apache/2.2.9 on Solaris 8 to control access to my subversion 1.5.5 repository. The following authentication directives work: Satisfy Any Require valid-user # Where the authentication file for Subversion is -- it's a normal # htpasswd file. AuthType Basic AuthName "Subversion Repository" AuthUserFile /home/svn/repository/svn-auth-file However, I have to maintain the password file for each user, and over the years, user's logins have tended not to be consistent with their Active Directory logins (for our sins, that's what we use for most other authentication requirements). Also, if a user wants to change his/her password, I need to do it myself, and I'm the only one with access to the file. Recently, the UNIX admins installed centrify (http://www.centrify.com/), which allows us to log into UNIX systems using our AD logins. I have managed to get subversion to work with centrify by replacing the lines above with Satisfy Any Require valid-user # Where the authentication for Subversion is -- it uses centrify AuthType CENTRIFYDC EnableBasicAuth true EnableNtlmAuth false EnableKerberosAuth false AuthName "Subversion Repository" However, there is a set of subversion users that need to have their access controlled but are not in the Active Directory system. These are UNIX logins that pertain to systems ("svn" for the subversion software, "oracle" for the DB software, "mqm" for the MQ software, etc.). My question is, if it's possible to use both centrify and the svn-auth-file for authentication for the one location? For example, can I use two AuthType directives in the one <Location ...> element? or can I use the two <Location ...> elements for the same location, each with a different AuthType directive? I am keen to avoid having an active directory login for UNIX logins that otherwise have no business being in Active Directory. Thanks, Éibhear |
|