Thank you, David I did come across another thread with an example that places the password file under the 'conf' sub-directory alongside the http.conf file; so your suggestion is a good one.
I also noticed in the same thread that the password file is actually called "svn-password.pass" as opposed to "passwd" which may account for the problems I've had with authentication. On Windows, one must run the htpasswd.exe file from the DOS command line. Thanks, Dave -----Original Message----- From: David Chapman [mailto:dcchap...@acm.org] Sent: Thursday, September 06, 2012 2:39 PM To: Anastasio, David M CTR USAF AFMC AFLCMC/HNID Cc: users@subversion.apache.org Subject: Re: Question about Basic Authentication On 9/6/2012 11:08 AM, Anastasio, David M CTR USAF AFMC AFLCMC/HNID wrote: > Yes, I think that is exactly the problem here. > I will try to create the password file with htpasswd. > Does Apache suggest where the password file should reside? > Is it restricted to a certain location? I couldn't find this in the > documentation. > Thank you. > Dave > There is no standard password file location, as AuthUserFile is specified directly in the <Location> block in your httpd.conf. Under Linux I put the password file in /etc with the rest of the system password files. The essential requirement is that the file *not* be visible from outside the server, i.e. don't put it into your repository directory or another directory under your DocumentRoot. Unfortunately, I have seen this happen - "hey, what's in http://server.name/passwd.txt";? It wasn't a Subversion repository that time (and worse yet, the passwords were plaintext), but password file location is a trap for the unwary. I've never set up Apache under Windows, so I can't suggest a "good" location. Maybe the directory in which httpd.conf is stored? -- David Chapman dcchap...@acm.org Chapman Consulting -- San Jose, CA Software Development Done Right. www.chapman-consulting-sj.com
smime.p7s
Description: S/MIME cryptographic signature
