我在本地服务器上运行apache实例,并且不需要用户名和相应的证书来validation/授权用户的Subversion存储库。 这是我目前的服务器conf:我需要什么指令要求用户名?
<VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www ServerSignature On SSLEngine on SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt SSLVerifyClient optional SSLVerifyDepth 2 <Location /repo> DAV svn SVNPath /srv/repos/svn/insec SSLRequireSSL AuthzSVNAccessFile /srv/repos/svn/insec/conf/authz AuthType Basic AuthName "Subversion repository" Require valid-user </Location> </VirtualHost> 编辑:添加SSLCertificateChainFile,以便客户端获得CA证书,如果它尚未安装。
编辑2:所以最后一件事:我如何将特定证书与用户名匹配?
好吧,我现在正在工作,在这里进一步的参考我的conf:
<VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www ServerSignature On SSLEngine on SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt SSLVerifyClient optional SSLVerifyDepth 2 SSLUserName SSL_CLIENT_S_DN_CN # that line tells apache to use the common name of the client certificate as the username, that's what i was still missing. <Location /repo> DAV svn SVNPath /path/to/repo/ SSLRequireSSL AuthzSVNAccessFile /path/to/repo/conf/authz </Location> </VirtualHost>