subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Archer <Bob.Arc...@amsi.com>
Subject RE: User authentication\authorization upper-lower case
Date Fri, 08 Oct 2010 15:45:16 GMT
> On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bob.Archer@amsi.com>
> wrote:
> > >> Hi all. I have a problem with SVN. I have the (only) user
> > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > >> repository. Why am I able to get *authenticated* with the user
> > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > >> authenticated user can access and read from my repository, so
> > >> 'TESTUSER' should not be authenticated, as it happens for all
> > the
> > >> users not appearing in the passwd file, for example the
> > 'BlaBlaBla'
> > >> user.
> > >> Thanks
> > >You probably have anon access allowed. Are you using svn or
> > apache/http? Perhaps showing us your config file would help. I
> > >think authorization is only applied to authenticated users.
> >
> > >BOb
> >
> > anon-access = none
> > password-db = passwd
> > authz-db = authz
> >
> > I'm using svn (svnserve.exe). There is a mistake in the previous
> > post: 'test_user' is without the '_' character. So the only user
> in
> > passwd is 'testuser'. Every user different from 'testuser' does
> not
> > get authentication, while 'TESTUSER' gets authentication, but
> he's
> > not authorized to commit. (while 'testuser' is). It seems that
> > 'TESTUSER' and 'testuser' are the same from the authentication
> > point of view, while they are different from the authorization
> > point of view. Instead, I would expect for 'TESTUSER' to not be
> > authenticated. Am I right or am I missing something? Thanks.
> > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bob.Archer@amsi.com>
> > wrote:
> You are possibly correct. I know that svn is case sensitive.
> However, the authentication may not be. If you authenticate using
> lower case can you do your commit?
> 
> BOb
> 
> Sure, 'testuser' can commit

So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization
is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.

BOb


Mime
View raw message