Hi,

I hope you can help me.

I am using apache Apache/2.2.9 on Solaris 8 to control access to my
subversion 1.5.5 repository. The following authentication directives work:

  Satisfy Any
  Require valid-user

  # Where the authentication file for Subversion is -- it's a normal
  # htpasswd file.
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /home/svn/repository/svn-auth-file

However, I have to maintain the password file for each user, and over the
years, user's logins have tended not to be consistent with their Active
Directory logins (for our sins, that's what we use for most other
authentication requirements). Also, if a user wants to change his/her
password, I need to do it myself, and I'm the only one with access to the
file.

Recently, the UNIX admins installed centrify (http://www.centrify.com/),
which allows us to log into UNIX systems using our AD logins.

I have managed to get subversion to work with centrify by replacing the
lines above with

  Satisfy Any
  Require valid-user

  # Where the authentication for Subversion is -- it uses centrify
  AuthType CENTRIFYDC
  EnableBasicAuth    true
  EnableNtlmAuth     false
  EnableKerberosAuth false
  AuthName "Subversion Repository"

However, there is a set of subversion users that need to have their access
controlled but are not in the Active Directory system. These are UNIX
logins that pertain to systems ("svn" for the subversion software,
"oracle" for the DB software, "mqm" for the MQ software, etc.).

My question is, if it's possible to use both centrify and the
svn-auth-file for authentication for the one location? For example, can I
use two AuthType directives in the one <Location ...> element? or can I
use the two <Location ...> elements for the same location, each with a
different AuthType directive? I am keen to avoid having an active
directory login for UNIX logins that otherwise have no business being in
Active Directory.

Thanks,

Éibhear



-- 
Éibhear Ó hAnluain
Dublin
Ireland


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to