Mercurial,Apache,Windows,mod_auth_sspi和hg推送
[英]Mercurial, Apache, Windows, mod_auth_sspi and hg push
问题描述
I'm playing with Mercurial 1.6 under Apache 2.2.15 on a Windows box under a Windows domain, running as a central repo server to which select people will have commit permissions. 
我正在Windows域下的Windows框上的Apache 2.2.15下使用Mercurial 1.6,它作为中央回购服务器运行,选择的人员将拥有提交权限。
I'm trying to restrict access to Mercurial by restricting access to Apache's /cgi-bin/ to select users via sspi_auth_module. 我试图通过限制通过sspi_auth_module访问Apache的/ cgi-bin /来选择用户来限制对Mercurial的访问。
If I browse to the repo page with sspi_auth_module enforcing restrictions on /cgi-bin/ I'm prompted for a username and password, which is accepted and everything works fine. 如果我在sspi_auth_module上对/ cgi-bin /实施了限制,浏览到回购页面,则会提示我输入用户名和密码,并且可以正常使用。
If I try to use the CLI "hg push" to commit from my local repo to the server, from the command-line, the command terminates very quickly with the message: 如果我尝试使用CLI“ hg push”从本地存储库通过命令行提交到服务器,则该命令将很快终止,并显示以下消息:
abort: authorization failed
If I remove /cgi-bin/ restrictions, pushing works. 如果我删除了/ cgi-bin /限制,则推送会起作用。
The relevant section of httpd.conf: (names redacted) httpd.conf的相关部分:(已删除名称)
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthName "XXXXXX"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
Require user "xxxxxx"
</Directory>
The relevant section of my hgweb.config file (repositories stored in C:/Hg) 我的hgweb.config文件的相关部分(存储在C:/ Hg中的存储库)
[collections]
C:/Hg = C:/Hg
[web]
allow_push = *
push_ssl = false
allow_archive = bz2 gz zip
I'd like to let the domain controller worry about authentication (to me, it's better than having everyone memorize extra passwords!) - is this a viable approach? 我想让域控制器担心身份验证(对我来说,这比每个人都记住额外的密码要好!)-这是可行的方法吗?
1 个解决方案
解决方案1
1 2010-07-30 17:12:25
I found a solution. 我找到了解决方案。 I suspect that part of the issue was that I did not have SSPIDomain specified (mistaking it for AuthName ... duh) 我怀疑部分问题是我未指定SSPIDomain ( 误将其用于AuthName ... duh)
Anyway, the following in httpd.conf did the trick: (the ScriptAlias directive was there from the beginning, BTW) 无论如何,httpd.conf中的以下代码可以解决问题:(从一开始就存在ScriptAlias指令,BTW)
ScriptAlias /hg "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/hgweb.cgi"
<Location /hg>
AuthName "Mercurial Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain XXXXXX
SSPIOmitDomain On
SSPIOfferBasic On
SSPIBasicPreferred Off
Require user "xxxxxx"
</Location>
I removed myself as a required user, was prompted for username and password, and could not authenticate. 我将自己删除为必需的用户,被提示输入用户名和密码,并且无法进行身份验证。 I then added myself back and was able to authenticate OK. 然后,我又添加了自己,并能够进行身份验证。
Thanks for looking! 感谢您的光临!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.