httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <li...@jaqui-greenlees.net>
Subject Re: [users@httpd] authentication question
Date Tue, 12 May 2009 19:18:46 GMT
Ross Boylan wrote:
> Suppose I have apache running in front of a web application and
> subversion.
> 
> I am thinking of a scenario in which the web application provides a
> login page.  However, the user may also browse to web pages served by
> subversion.
> 
> Is there a way that my app can have someone log in and then pass the
> identity and authentication "up" to appache?  In particular, I'd want
> this authentication used if the user browsed over to the subversion
> repository.
> 
> I'm assume a common source, e.g., LDAP, will provide user and password
> information that is the same for my app and apache.
> 
> A final wrinkle is that the application itself may access subversion via
> http:// (https?) using either the identity of the user or, perhaps, a
> separate identity the application runs under.

I've followed the thread and have one wrinkle to the problem to mention.

subversion authentication, by default, is a hash of the encrypted password.
simplified description:
The svn client generates the hash against the password, sends both user
name and the hash, subversion generates a hash against the stored
password and compares the two, matching hashes grant write access. read
only access doesn't require authentication from subversion.

This was done to avoid passing actual login data across the net.

Unless you are willing to write a module to enable the functionality you
want in Apache, you might be better off in designing your system as a
site script. There are a number of existing scripts that allow web
browsing of subversion repositories. The write ( commit ) access issue
makes a website / apache module a remote possibility, you would have to
create the code to use the subversion authentication as a part of it.

Jaqui

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message