From users-return-5254-daniel=haxx.se@subversion.apache.org Fri Oct 8 17:31:29 2010 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on giant.haxx.se X-Spam-Level: X-Spam-Status: No, score=-1.5 required=3.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with SMTP id o98FVSAr024545 for ; Fri, 8 Oct 2010 17:31:28 +0200 Received: (qmail 58564 invoked by uid 500); 8 Oct 2010 15:31:20 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 58553 invoked by uid 99); 8 Oct 2010 15:31:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Oct 2010 15:31:20 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS Received-SPF: pass (athena.apache.org: local policy) Received: from [207.54.49.24] (HELO ussmtpp1.infor.com) (207.54.49.24) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Oct 2010 15:31:14 +0000 X-SBRS: None X-IronPort-AV: E=Sophos;i="4.57,303,1283745600"; d="scan'208";a="3701224" From: Bob Archer To: Claudio Corona CC: "users@subversion.apache.org" Date: Fri, 8 Oct 2010 11:30:52 -0400 Subject: RE: User authentication\authorization upper-lower case Thread-Topic: User authentication\authorization upper-lower case Thread-Index: Actm/WzsM0dHCLVtSYie2gUV9epScAAAEJ6A Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Fri, 08 Oct 2010 17:31:29 +0200 (CEST) X-Friend: Nope > >> Hi all. I have a problem with SVN. I have the (only) user > >> 'test_user' (in the 'passwd' file) having 'rw' on the entire > >> repository. Why am I able to get *authenticated* with the user > >> 'TESTUSER' (but not *authorized* to commit)? Note that only > >> authenticated user can access and read from my repository, so > >> 'TESTUSER' should not be authenticated, as it happens for all > the > >> users not appearing in the passwd file, for example the > 'BlaBlaBla' > >> user. > >> Thanks > >You probably have anon access allowed. Are you using svn or > apache/http? Perhaps showing us your config file would help. I > >think authorization is only applied to authenticated users. >=20 > >BOb >=20 > anon-access =3D none > password-db =3D passwd > authz-db =3D authz >=20 > I'm using svn (svnserve.exe). There is a mistake in the previous > post: 'test_user' is without the '_' character. So the only user in > passwd is 'testuser'. Every user different from 'testuser' does not > get authentication, while 'TESTUSER' gets authentication, but he's > not authorized to commit. (while 'testuser' is). It seems that > 'TESTUSER' and 'testuser' are the same from the authentication > point of view, while they are different from the authorization > point of view. Instead, I would expect for 'TESTUSER' to not be > authenticated. Am I right or am I missing something? Thanks. > On Fri, Oct 8, 2010 at 4:51 PM, Bob Archer > wrote: You are possibly correct. I know that svn is case sensitive. However, the a= uthentication may not be. If you authenticate using lower case can you do y= our commit? BOb