On 2008Feb05 9:58 , "Todd, David" <[EMAIL PROTECTED]> wrote:
> I am trying to use viewvc to let my users browse the code base in our svn > repositories. We have a number of them. > > Some of them must have restricted access, but at the same time, want to be > in a hierarchy with others that have a different access group. > > The authentication takes place using kerberos. I doubt that's involved, but > I mention it just in case. > > This is on an apache 2.0.52 server, on RHEL4. > > I have two locations: > > <Location ~ "/viewvc/gni/?.*"> > AllowOverride None > AuthType Kerberos > AuthGroupFile /svn/conf/htgroup > KrbAuthRealms WARDROBE.IROBOT.COM > KrbSaveCredentials On > KrbVerifyKDC Off > KrbAppendRealm Off > Krb5Keytab /svn/www/http.keytab > KrbServiceName HTTP > AuthName "iRobot Subversion Repository" > Order deny,allow > Satisfy All > Require group gniuser > </Location> > > <Location ~ "/viewvc/gni/res/?.*"> > AllowOverride None > AuthType Kerberos > AuthGroupFile /svn/conf/htgroup > KrbAuthRealms WARDROBE.IROBOT.COM > KrbSaveCredentials On > KrbVerifyKDC Off > KrbAppendRealm Off > Krb5Keytab /svn/www/http.keytab > KrbServiceName HTTP > AuthName "iRobot Subversion Repository" > Order deny,allow > Satisfy All > Require group res > </Location> > > > I have two groups gniuser, and res, which is a subset of gniuser. Everyone > in res is in gniuser. > > If I have these in the order presented (General, then specific), people on > the res group have no access at all. If I reverse the order, they have total > access, like others in gniuser. > > I'm using locations because the actual access is via viewvc, a cgi script. > > How do I set it up so that res can be in the the gni directory, but have a > restricted set of users? > > Once more into the breach! Does anyone have an idea or opinion on what I might do to resolve this problem? If I get no answer, I fear I shall have to go bother some developers. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
