tags:

views:

28

answers:

1
+1  Q: 

Mercurial, Apache, Windows, mod_auth_sspi and hg push

I'm playing with Mercurial 1.6 under Apache 2.2.15 on a Windows box under a Windows domain, running as a central repo server to which select people will have commit permissions.

I'm trying to restrict access to Mercurial by restricting access to Apache's /cgi-bin/ to select users via sspi_auth_module.

If I browse to the repo page with sspi_auth_module enforcing restrictions on /cgi-bin/ I'm prompted for a username and password, which is accepted and everything works fine.

If I try to use the CLI "hg push" to commit from my local repo to the server, from the command-line, the command terminates very quickly with the message:

abort: authorization failed

If I remove /cgi-bin/ restrictions, pushing works.

The relevant section of httpd.conf: (names redacted)

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthName "XXXXXX"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
Require user "xxxxxx"
</Directory>

The relevant section of my hgweb.config file (repositories stored in C:/Hg)

[collections]
C:/Hg = C:/Hg

[web]
allow_push = *
push_ssl = false
allow_archive = bz2 gz zip

I'd like to let the domain controller worry about authentication (to me, it's better than having everyone memorize extra passwords!) - is this a viable approach?

+1  A: 

I found a solution. I suspect that part of the issue was that I did not have SSPIDomain specified (mistaking it for AuthName ... duh)

Anyway, the following in httpd.conf did the trick: (the ScriptAlias directive was there from the beginning, BTW)

ScriptAlias /hg "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/hgweb.cgi"

<Location /hg>
AuthName "Mercurial Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain XXXXXX
SSPIOmitDomain On     
SSPIOfferBasic On 
SSPIBasicPreferred Off
Require user "xxxxxx"
</Location>

I removed myself as a required user, was prompted for username and password, and could not authenticate. I then added myself back and was able to authenticate OK.

Thanks for looking!

Madmanguruman  2010-07-30 17:12:25

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)