Login | Register
My pages Projects Community openCollabNet

Discussions > users > Re: Re: [feature request] ssl client-certificate auth

fsvs
Discussion topic

Back to topic list

Re: Re: [feature request] ssl client-certificate auth

Author tekknokrat
Full name Gunnar Thielebein
Date 2008-07-29 07:59:26 PDT
Message Hi Phil,

first sorry for the delay on answering to this issue.
There some family affairs which keeps me currently busy.

I tested your proposal with a client certificate apache backend.

When I define a /etc/subversion/servers file with these lines:
> [groups]
> localhost = localhost
> [localhost]
> ssl-client-cert-file = /etc/ssl/version-man​agement/clientcert.p​12
> ssl-client-cert-password = ********
> [global]
> ssl-authority-files = /etc/ssl/version-man​agement/demoCA/cacer​t.pem
"svn ls" works like expected.

Without these lines "svn ls" ask for certificate file, everytime it is
performed and also when permanently accepting the key.

when using fsvs it also asks for certificate file and it works (which is
very nice) when I manullay input the keypath,
But when using the lines in the servers file globally or in .subversion
it doesn't care about.

Best Regards, Gunnar

Philipp Marek schrieb:
> On Monday 07 July 2008 Gunnar Thielebein wrote:
>
>> I have seen that this feature already exists in the svn client and can
>> be controlled via
>>
>> the following directives in subversion configuration:
>>
>>> ssl-client-cert-file
>>> ssl-client-cert-password
>>>
>> The access to the repository should be authenticated in a host-based way.
>>
> ...
>
>> Using ssh for host-based authentication does not offer the flexibility
>> of apache2 which we need in this scenario.
>>
> Maybe it already works if you get a successfull "svn ls http://..." and use
> the ~root/.subversion on the target machine?
>
> FSVS just invokes the default handler of subversion; but it's possible that
> something has to be done specially for certificate based authentication.
> (But that would be awfully nice - imagine using a smartcard!)
>
>
> Could you test that, please?
>
>
>
> Regards,
>
> Phil
>
>

« Previous message in topic | 3 of 20 | Next message in topic »

Messages

Show all messages in topic

[feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-07-07 07:13:20 PDT
     Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-07-12 05:30:44 PDT
         Re: Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-07-29 07:59:26 PDT
             Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-07-31 09:41:10 PDT
             Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-02 07:52:55 PDT
                 Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-02 10:12:02 PDT
                     Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-06 01:00:51 PDT
                     Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-06 01:30:40 PDT
                         Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-06 01:49:56 PDT
                             Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-06 03:04:17 PDT
                                 Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-07 02:57:23 PDT
                                     Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-12 04:59:00 PDT
                                         Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-12 07:45:25 PDT
                                             Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-12 08:22:54 PDT
                                                 Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-12 09:06:38 PDT
                                                     Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-12 09:34:33 PDT
                                                         Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-13 08:42:14 PDT
                                                             Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-13 08:59:16 PDT
                                                                 Re: [feature request] ssl client-certificate auth tekknokrat Gunnar Thielebein 2008-08-21 02:43:36 PDT
                                 Re: [feature request] ssl client-certificate auth pmarek P.Marek 2008-08-12 04:55:53 PDT
Messages per page: