allow_read authentication


allow_read authentication

by Conrad Shultz

Hello,

(As this is my first post, I'll briefly introduce myself as a mercurial
novice who is working to transition from CVS.  I have a great deal of
experience with Linux, command line operations, etc.)

I was hoping someone can tell me what I am doing wrong or if I have
found a bug.  I have been running open-pull, restricted-push mercurial
repositories for some time with hgwebdir.cgi and have not had a problem.

Recently it has been necessary to set up read-restricted repositories as
well.  The central server hosting the repository is running mercurial
1.3.1 from Debian/testing, so I configured allow_read per the manpage
and in a manner identical to that for allow_push.  This did indeed
remove the repository in question from the web interface.

From a client that had cloned the repository before I added the
allow_read restriction I am still able to push changes and get prompted
for authentication in the usual manner.

HOWEVER, I cannot pull changes or clone the repository; authentication
fails without any prompt.  E.g., attempting to clone the repository
"Formula" off my central server onto the local client ("chlorine") gives
results as follows:



chlorine:develop shultzc$ hg clone https://(server address)/hg/Formula
destination directory: Formula
requesting all changes
abort: authorization failed



FWIW, I'm using the latest stable mercurial build 1.3.1 on MacOS
10.6/Snow Leopard.  Identical behavior is observed using the mercurial
client on the Debian box hosting the repository.

The manpage has not been helpful, nor have Google searches.  What do I
need to do to get clone/pull to prompt for credentials?

Thanks in advance.

--
Conrad Shultz
conrad@...

"Beets are a very misunderstood vegetable."

- Capt. Benjamin Sisko, Star Trek: Deep Space Nine, "Equilibrium"
_______________________________________________
Mercurial mailing list
Mercurial@...
http://selenic.com/mailman/listinfo/mercurial

Re: allow_read authentication

by Afriza N. Arief

Hi,

On Thu, Oct 29, 2009 at 6:29 AM, Conrad Shultz <conrad@...> wrote:
> Hello,
>
> The manpage has not been helpful, nor have Google searches.  What do I
> need to do to get clone/pull to prompt for credentials?


Have you tried to "Trick" Mercurial into asking for authentication:

touch ~/hg/failed_auth.html

assuming your hgwebdir.config and hgwebdir.cgi are in ~/hg/


Hope to help.

Afriza N. Arief


Re: allow_read authentication

by Conrad Shultz

Afriza N. Arief wrote:
> have you tried to "Trick" Mercurial into asking for authentication:
>
> touch ~/hg/failed_auth.html
>
> assuming your hgwebdir.config and hgwebdir.cgi is in ~/hg/
>
> see also http://wiki.dreamhost.com/Mercurial

Thanks for the ref.

The failed_auth.html did not make any difference.  However, based on the
ref I re-examined my Apache configuration and discovered that I
apparently needed to tell Apache to limit access to GET if I want to use
allow_read.

At a minimum this should probably be documented, though I would really
classify this as a bug since it means that it is not (easily) possible
to serve read-restricted and read-allowed repositories under the same
hgweb tree.

But in my case I can get things going now with this new knowledge.

Thanks for your assistance.

--
Conrad Shultz
conrad@...

"Beets are a very misunderstood vegetable."

- Capt. Benjamin Sisko, Star Trek: Deep Space Nine, "Equilibrium"

Re: allow_read authentication

by Martin Geisler-4

Conrad Shultz <conrad@...> writes:

> Afriza N. Arief wrote:
>> have you tried to "Trick" Mercurial into asking for authentication:
>>
>> touch ~/hg/failed_auth.html
>>
>> assuming your hgwebdir.config and hgwebdir.cgi is in ~/hg/
>>
>> see also http://wiki.dreamhost.com/Mercurial
>
> Thanks for the ref.
>
> The failed_auth.html did not make any difference. However, based on
> the ref I re-examined my Apache configuration and discovered that I
> apparently needed to tell Apache to limit access to GET if I want to
> use allow_read.

Yes, hgweb is not doing any authentication itself. The script relies on
the frontend webserver (like Apache) to do the authentication using its
normal mechanisms (.htaccess files, "401 Unauthorized" headers, etc.).

After authentication, the request is passed on to hgweb, which then
checks that the username set by the webserver is on the right allow_read
or allow_push list.

> At a minimum this should probably be documented, though I would really
> classify this as a bug since it means that it is not (easily) possible
> to serve read-restricted and read-allowed repositories under the same
> hgweb tree.

I've not looked at the documentation online, but it would be great if
you could fill in the holes in the wiki:

  http://mercurial.selenic.com/wiki/PublishingRepositories

That would help others who end up in similar situations in the future.

--
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.
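
The split of responsibilities described in this thread, as an added example: a simplified Python model written for this page, not code from Mercurial, Apache or any poster. The function names (frontend, hgweb_check, request), the users and the method sets are assumptions; pull is modelled as a GET and push as a POST.

```python
# Simplified model (added example, hypothetical names): the web server decides
# whether a request is authenticated at all; hgweb only compares the username
# it is handed against the repository's allow_read / allow_push lists.

def frontend(method, auth_methods, credentials):
    """Web server layer. auth_methods is the set of HTTP methods for which a
    valid user is required. Returns (remote_user, challenge_sent)."""
    if method not in auth_methods:
        return None, False        # passed through anonymously, no username set
    if credentials is None:
        return None, True         # 401 with a challenge: the client can prompt
    return credentials, False     # constructed: any supplied user is accepted


def hgweb_check(op, remote_user, allow_read=(), allow_push=()):
    """hgweb layer: authorization only. Returns an HTTP status code."""
    if allow_read and "*" not in allow_read and remote_user not in allow_read:
        return 401                # refused, but hgweb issues no login challenge
    if op == "push" and "*" not in allow_push and remote_user not in allow_push:
        return 401
    return 200


def request(method, op, auth_methods, credentials, **repo):
    """What the hg client experiences for one request."""
    user, challenged = frontend(method, auth_methods, credentials)
    if challenged:
        return "prompt for credentials"
    status = hgweb_check(op, user, **repo)
    return "ok" if status == 200 else "abort: authorization failed"


if __name__ == "__main__":
    restricted = dict(allow_read=("conrad",), allow_push=("conrad",))
    push_only = {"POST"}          # open-pull, restricted-push front end
    everything = {"GET", "POST"}  # authentication also required for GET
    # Read-restricted repo behind a push-only front end: no prompt, just abort.
    print(request("GET", "pull", push_only, None, **restricted))
    print(request("POST", "push", push_only, None, **restricted))
    # Once GET is authenticated too, the client is challenged and can log in.
    print(request("GET", "pull", everything, None, **restricted))
    print(request("GET", "pull", everything, "conrad", **restricted))
    # Side effect raised in the thread: an open repo under the same tree
    # now also prompts anonymous readers.
    print(request("GET", "pull", everything, None))
```

When auditing a shared hgweb tree, check both layers per repository: a repository with allow_read set but no authentication on GET is unreadable rather than protected, and one without allow_read is readable by every user the web server accepts.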