subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: User authentication\authorization upper-lower case
Date Sat, 09 Oct 2010 15:23:28 GMT
No time to test, sorry, but agreed that usernames should be
case-sensitive.  Please file a bug if they aren't...

Bob Archer wrote on Fri, Oct 08, 2010 at 11:45:16 -0400:
> > On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bob.Archer@amsi.com>
> > wrote:
> > > >> Hi all. I have a problem with SVN. I have the (only) user
> > > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > > >> repository. Why am I able to get *authenticated* with the user
> > > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > > >> authenticated user can access and read from my repository, so
> > > >> 'TESTUSER' should not be authenticated, as it happens for all
> > > the
> > > >> users not appearing in the passwd file, for example the
> > > 'BlaBlaBla'
> > > >> user.
> > > >> Thanks
> > > >You probably have anon access allowed. Are you using svn or
> > > apache/http? Perhaps showing us your config file would help. I
> > > >think authorization is only applied to authenticated users.
> > >
> > > >BOb
> > >
> > > anon-access = none
> > > password-db = passwd
> > > authz-db = authz
> > >
> > > I'm using svn (svnserve.exe). There is a mistake in the previous
> > > post: 'test_user' is without the '_' character. So the only user
> > in
> > > passwd is 'testuser'. Every user different from 'testuser' does
> > not
> > > get authentication, while 'TESTUSER' gets authentication, but
> > he's
> > > not authorized to commit. (while 'testuser' is). It seems that
> > > 'TESTUSER' and 'testuser' are the same from the authentication
> > > point of view, while they are different from the authorization
> > > point of view. Instead, I would expect for 'TESTUSER' to not be
> > > authenticated. Am I right or am I missing something? Thanks.
> > > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bob.Archer@amsi.com>
> > > wrote:
> > You are possibly correct. I know that svn is case sensitive.
> > However, the authentication may not be. If you authenticate using
> > lower case can you do your commit?
> > 
> > BOb
> > 
> > Sure, 'testuser' can commit
> 
> So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization
is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.
> 
> BOb
> 

Mime
View raw message