mod_auth_gforge 2, an apache module for Gforge AS
mod_auth_gforge2 (MAG2) is an apache2 module for controlling subversion DAV access based on Gforge AS permissions. It integrates smoothly with GForge AS, and supports role access and ACL checking.
MAG2 is based in the previous MAG for Gforge 4.x series.
Installation
Pre-compiled binaries for RHEL4/5, as well as the source tar (for compilation on other platforms) can be found here. Debug packages are also available.
We will cover the rpm installation here. If you need or want to compile from source, detailed instructions can be found in the README file distributed with the source tar.
On a working Gforge AS installation, all the runtime dependencies needed by MAG2 are installed by default, so it is just a matter of downloading the proper package for your RHEL version/architecture and install it with the rpm command as usual.
rpm -i modauthgforge2-0.6-1.i386.rpm
There is a debug version of each package too, which provides debugging information.
Configuration
Once installed, you need to instruct apache to load the module, which is done with this line.
LoadModule auth_gforge_module modules/mod_auth_gforge.so
Make sure you load the auth_gforge_module after dav_module and dav_svn_module. Also, remember to remove mod_authz_svn from the module list to be loaded by apache at startup. In Centos/RHEL, check /etc/httpd/conf.d/subversion.conf also to confirm mod_authz_svn is not being loaded.
The configuration options are explained in the README file, which you can find in /usr/share/doc/modauthgforge2 if you installed MAG2 using rpm, or inside the source tar if you compiled from source. Here is an example using the standard /etc/gforge/httpd.conf file installed by default with Gforge AS:
LoadModule dav_module modules/mod_dav.so LoadModule dav_svn_module modules/mod_dav_svn.so #LoadModule authz_svn_module modules/mod_authz_svn.so #Uncomment this to load MAG, comment out the previous line #(authz_svn module) #and make sure the authz_snv_module is not loaded in #/etc/httpd/conf.d/subversion.conf LoadModule auth_gforge_module modules/mod_auth_gforge.so
Inside your virtual host directive:
#
# SVN Repository
#
<Location svn>
ErrorDocument 404 default
DAV svn
SVNParentPath /var/lib/gforge/svnroot
#Uncomment the following lines to use MAG
GforgeSysPath /var/lib/gforge
GforgeGroupsRoot /svnroot
Auth_PG_cache_passwords On
# how to authenticate a user
# comment out the following line when using MAG
#AuthzSVNAccessFile /var/lib/gforge/svnroot-access
AuthType Basic
AuthName "Document repository"
# comment the following line when using MAG
#AuthUserFile /var/lib/gforge/svnroot-authfile
SVNIndexXSLT "/svnindex.xsl"
# only authenticated users may access the repository
Require valid-user
</Location>
You may need to configure the database parameters as well. Check the README for Auth_PG_host_name, Auth_PG_database, Auth_PG_port and Auth_PG_pwd. If you accepted the default database parameters when installing Gforge, this is not needed.
For more details, please check the README
Final steps
Once the above steps are done, and you confirmed that everything works, you can disable the cronjob that handles webdav users creation/modification. Look into cron15.php and comment the following line:
`$base_str/plugins/scmsvn/cronjobs/create_dav_svn_auth.php`;
About anonymous access
A current MAG2 limitation is that an user needs to be registered at the site for checking out projects when he is not a member and the repository anonymous access is enabled.