From users-return-5268-daniel=haxx.se@subversion.apache.org  Sat Oct  9 17:25:21 2010
Return-Path: <users-return-5268-daniel=haxx.se@subversion.apache.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on giant.haxx.se
X-Spam-Level: 
X-Spam-Status: No, score=-4.5 required=3.0 tests=BAYES_00,DS_FRIEND,
	T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with SMTP id o99FPKjv008891
	for <daniel@haxx.se>; Sat, 9 Oct 2010 17:25:20 +0200
Received: (qmail 68750 invoked by uid 500); 9 Oct 2010 15:25:11 -0000
Mailing-List: contact users-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@subversion.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@subversion.apache.org>
List-Post: <mailto:users@subversion.apache.org>
List-Id: <users.subversion.apache.org>
Delivered-To: mailing list users@subversion.apache.org
Received: (qmail 68743 invoked by uid 99); 9 Oct 2010 15:25:11 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Oct 2010 15:25:11 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=10.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
Received-SPF: pass (athena.apache.org: local policy)
Received: from [66.111.4.29] (HELO out5.smtp.messagingengine.com) (66.111.4.29)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Oct 2010 15:25:05 +0000
Received: from compute1.internal (compute1.nyi.mail.srv.osa [10.202.2.41])
	by gateway1.messagingengine.com (Postfix) with ESMTP id DFDAD373;
	Sat,  9 Oct 2010 11:24:44 -0400 (EDT)
Received: from frontend2.messagingengine.com ([10.202.2.161])
  by compute1.internal (MEProxy); Sat, 09 Oct 2010 11:24:44 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=date:from:to:cc:subject:message-id:references:mime-version:content-type:in-reply-to; s=smtpout; bh=qI+yjzReT1Y6IaYd6Xz5uk7CBrQ=; b=KWxmjKAhWQwgHXEoVUGD1NWNXboqnNWF0ksxQOAzR++t2571XyGNvfvLz0ddHsdQGuOhA6lC+vQ26LZFgPSEh0vNIwCjQMx/INdOCthe14AMcdzLYq7xXkp5UEaIbeB1onPgFMH55NQn2Vp+5J4ORzjvApUWb1lHdCo80WOa9nE=
X-Sasl-enc: 97ZeNL3pS8QN2qGQIlW5F9ArM51xtI6r+zaED1S/XjmCKpI5Q5O3Mc98/0TtTg 1286637883
Received: from lp-shahaf.local (bzq-109-64-43-205.red.bezeqint.net [109.64.43.205])
	by mail.messagingengine.com (Postfix) with ESMTPSA id 2C7FA5E31AD;
	Sat,  9 Oct 2010 11:24:41 -0400 (EDT)
Date: Sat, 9 Oct 2010 17:23:28 +0200
From: Daniel Shahaf <d.s@daniel.shahaf.name>
To: Bob Archer <Bob.Archer@amsi.com>
Cc: Claudio Corona <ibazar83@gmail.com>,
        "users@subversion.apache.org" <users@subversion.apache.org>
Subject: Re: User authentication\authorization upper-lower case
Message-ID: <20101009152328.GD17905@lp-shahaf.local>
References: <AANLkTi=5Jc+4PcOyLoD4XYWq_74P7d4VdZiR4UQHm7cs@mail.gmail.com> <CB4587DA62024B40B9F929ECF639210F26DDF42A44@USALWEXMB4.infor.com> <AANLkTik9uXG2uc0Mj-m-P_9Z=5dCAghe=VD6k_XYA+fO@mail.gmail.com> <CB4587DA62024B40B9F929ECF639210F26DDF42A6A@USALWEXMB4.infor.com> <AANLkTingjc8pufoRA_fBTtjD2PeMbprvWxhmjZztj7YX@mail.gmail.com> <CB4587DA62024B40B9F929ECF639210F26DDF42A77@USALWEXMB4.infor.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CB4587DA62024B40B9F929ECF639210F26DDF42A77@USALWEXMB4.infor.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Sat, 09 Oct 2010 17:25:21 +0200 (CEST)
X-Friend: Friend

No time to test, sorry, but agreed that usernames should be
case-sensitive.  Please file a bug if they aren't...

Bob Archer wrote on Fri, Oct 08, 2010 at 11:45:16 -0400:
> > On Fri, Oct 8, 2010 at 5:30 PM, Bob Archer <Bob.Archer@amsi.com>
> > wrote:
> > > >> Hi all. I have a problem with SVN. I have the (only) user
> > > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire
> > > >> repository. Why am I able to get *authenticated* with the user
> > > >> 'TESTUSER' (but not *authorized* to commit)? Note that only
> > > >> authenticated user can access and read from my repository, so
> > > >> 'TESTUSER' should not be authenticated, as it happens for all
> > > the
> > > >> users not appearing in the passwd file, for example the
> > > 'BlaBlaBla'
> > > >> user.
> > > >> Thanks
> > > >You probably have anon access allowed. Are you using svn or
> > > apache/http? Perhaps showing us your config file would help. I
> > > >think authorization is only applied to authenticated users.
> > >
> > > >BOb
> > >
> > > anon-access = none
> > > password-db = passwd
> > > authz-db = authz
> > >
> > > I'm using svn (svnserve.exe). There is a mistake in the previous
> > > post: 'test_user' is without the '_' character. So the only user
> > in
> > > passwd is 'testuser'. Every user different from 'testuser' does
> > not
> > > get authentication, while 'TESTUSER' gets authentication, but
> > he's
> > > not authorized to commit. (while 'testuser' is). It seems that
> > > 'TESTUSER' and 'testuser' are the same from the authentication
> > > point of view, while they are different from the authorization
> > > point of view. Instead, I would expect for 'TESTUSER' to not be
> > > authenticated. Am I right or am I missing something? Thanks.
> > > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer <Bob.Archer@amsi.com>
> > > wrote:
> > You are possibly correct. I know that svn is case sensitive.
> > However, the authentication may not be. If you authenticate using
> > lower case can you do your commit?
> > 
> > BOb
> > 
> > Sure, 'testuser' can commit
> 
> So, it sounds like you have your answer. Authentication is not case sensitive, yet authorization is. Seems like a bit of a bug to me. Perhaps a svn dev will jump in here and let us know.
> 
> BOb
>