开发者

Mercurial, Apache, Windows, mod_auth_sspi and hg push

开发者 https://www.devze.com 2023-01-09 06:01 出处:网络
I\'m playing with Mercurial 1.6 under Apache 2.2.15 on a Windows box under a Windows domain, running as a central repo server to which select people will have commit permissions.
相关专题:mercurialwindows

I'm playing with Mercurial 1.6 under Apache 2.2.15 on a Windows box under a Windows domain, running as a central repo server to which select people will have commit permissions.

I'm trying to restrict access to Mercurial by restricting access to Apache's /cgi-bin/ to select users via sspi_auth_module.

If I browse to the repo page with sspi_auth_module enforcing restrictions on /cgi-bin/ I'm prompted for a username and password, which is accepted and everything works fine.

If I try to use the CLI "hg push" to commit from my local repo to the server, from the command-line, the command terminates very quickly with the message:

abort: authorization failed

If I remov开发者_开发知识库e /cgi-bin/ restrictions, pushing works.

The relevant section of httpd.conf: (names redacted)

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthName "XXXXXX"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
Require user "xxxxxx"
</Directory>

The relevant section of my hgweb.config file (repositories stored in C:/Hg)

[collections]
C:/Hg = C:/Hg

[web]
allow_push = *
push_ssl = false
allow_archive = bz2 gz zip

I'd like to let the domain controller worry about authentication (to me, it's better than having everyone memorize extra passwords!) - is this a viable approach?

I found a solution. I suspect that part of the issue was that I did not have SSPIDomain specified (mistaking it for AuthName ... duh)

Anyway, the following in httpd.conf did the trick: (the ScriptAlias directive was there from the beginning, BTW)

ScriptAlias /hg "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/hgweb.cgi"

<Location /hg>
AuthName "Mercurial Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain XXXXXX
SSPIOmitDomain On     
SSPIOfferBasic On 
SSPIBasicPreferred Off
Require user "xxxxxx"
</Location>

I removed myself as a required user, was prompted for username and password, and could not authenticate. I then added myself back and was able to authenticate OK.

Thanks for looking!

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9