httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Schindler, Nathan" <nathan.schind...@guidancesoftware.com>
Subject [users@httpd] Subversion + AuthPAM with read and write groups through LimitExcept not working for me
Date Tue, 19 Sep 2006 17:45:40 GMT
The following config doesn't seem to work.  Group2 is allowed to do
whatever they want, while group1 isn't authorized to do anything.  I've
tried many combinations of this, with "Satisfy", "Order", including
group1 in the last "Require group" line... No luck.
If it makes a difference, AuthPAM is connecting to Winbind.

All this works fine until I try to include LimitExcept.

My end goal is to restrict read access to certain groups, and write
access to certain other groups WITHOUT having to define group membership
locally (e.g. not authz).  I'd like all that to work through AuthPAM.  I
also don't want anyone to be able to read.

Thanks in advance for your help.

-Nate

#Begin Config
<Location /repos/repo1>
   DAV svn
   SVNPath /var/repos/repo1
   SVNIndexXSLT "/svnindex.xsl"
   SSLRequireSSL
   AuthType Basic
   AuthName "Authorization Realm"
   AuthPAM_Enabled on
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require group group1
        </LimitExcept>
   Require group group2
</Location>
Note: The information contained in this message may be privileged and
confidential and thus protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent responsible 
for delivering this message to the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this
communication is strictly prohibited.  If you have received this
communication in error, please notify us immediately by replying to the 
message and deleting it from your computer.  Thank you.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message