[SAC] Re: [OSGeo] #363: SVN repositories without authz files seem to
allow any authorized OSGeo LDAP user to commit
OSGeo
trac_osgeo at osgeo.org
Tue Aug 18 00:58:23 EDT 2009
#363: SVN repositories without authz files seem to allow any authorized OSGeo
LDAP user to commit
-----------------------+----------------------------------------------------
Reporter: hobu | Owner: sac at lists.osgeo.org
Type: task | Status: closed
Priority: critical | Component: SAC
Resolution: fixed | Keywords: svn
-----------------------+----------------------------------------------------
Changes (by warmerdam):
* status: new => closed
* resolution: => fixed
Comment:
I have determined that the problem was a stray Require valid-user in file
/etc/httpd/conf.d/ldap_auth_url.inc which masked the Require group
directive for the non-authz svn .conf files.
I have removed this line from ldap_auth_url.inc, confirming that all the
authz subversion .conf files already have Require valid-user.
I then discovered that none of the Trac .conf files had Require valid-user
so I had to add it to all of them.
So, now things seem to be secure again without setting up the authz stuff
for all projects.
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/363#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
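
An added example, not part of the ticket or of OSGeo's configuration: a small audit over constructed config snippets that flags the two conditions the comment describes. The first is a `Require valid-user` pulled in by an include next to a `Require group` in the same block (Apache ORs sibling Require lines, so any valid login passes); the second is a block with auth settings but no Require at all. Only the ldap_auth_url.inc path comes from the ticket; the other file names, the locations and the group name are assumptions.

```python
import re

# Constructed sample configs. Only the ldap_auth_url.inc path is from the
# ticket; file names, locations and the group name are assumptions.
INC = "/etc/httpd/conf.d/ldap_auth_url.inc"
AUTH = 'AuthType Basic\nAuthName "OSGeo"\n'
SVN = ("<Location /svn/demo>\n  DAV svn\n  Include " + INC +
       "\n  Require group demo_committers\n</Location>\n")
TRAC = "<Location /demo/login>\n  Include " + INC + "\n</Location>\n"
BEFORE = {INC: AUTH + "Require valid-user\n", "svn_demo.conf": SVN, "trac_demo.conf": TRAC}
AFTER = {INC: AUTH, "svn_demo.conf": SVN,
         "trac_demo.conf": TRAC.replace("</Location>", "  Require valid-user\n</Location>")}


def expand(text, files):
    """Inline Include lines whose target is in `files`, recursively."""
    out = []
    for line in text.splitlines():
        m = re.match(r"\s*Include\s+(\S+)", line, re.I)
        if m and m.group(1) in files:
            out.extend(expand(files[m.group(1)], files))
        else:
            out.append(line.strip())
    return out


def audit(files):
    """Return sorted (file, location, problem) tuples for each <Location> block."""
    findings = []
    for name, text in files.items():
        scope, reqs, has_auth = None, [], False
        for line in expand(text, files):
            opened = re.match(r"<Location\s+([^>]+)>", line, re.I)
            req = re.match(r"Require\s+(.+)", line, re.I)
            if opened:
                scope, reqs, has_auth = opened.group(1), [], False
            elif scope and req:
                reqs.append(req.group(1).lower())
            elif scope and re.match(r"AuthType\b", line, re.I):
                has_auth = True
            elif scope and line.lower() == "</location>":
                if "valid-user" in reqs and len(set(reqs)) > 1:
                    # Sibling Require lines are ORed: any login satisfies the block.
                    findings.append((name, scope, "group check masked by valid-user"))
                elif has_auth and not reqs:
                    findings.append((name, scope, "auth configured but no Require"))
                scope = None
    return sorted(findings)
```

`audit(BEFORE)` reports the masked group check; removing the stray line without touching the Trac file moves the finding to the Trac block, which is the second step the comment describes.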