[kforge-user] Installation and setup experiences + problems

Gunnar Johansson info at gunnar-johansson.se
Sat Feb 17 19:03:44 UTC 2007


Hi,

This will be a long posting, but I'd like to give some comments on my
experience so far. I also have some additional problems.

== Installation ==

1) When initially editing kforge.conf, it would be useful to point out that
the KForge web files (document_root) are installed in
/usr/local/share/kforge/www (by default). The same thing goes for the django
template files (templates_dir) which turn up in
/usr/local/share/kforge/templates/kui. This caused me some confusion
initially.

2) When running kforge-admin with the --config parameter, the path-to-config
must be specified with the full absolute path (e.g. /etc/kforge.conf). The
same is of course also true if you export KFORGE_SETTINGS, but that's more
obvious.


== SSL ==

One thing that troubles me is the use of virtual hosts for admin/project
subdomains. If you're running a public kforge server and want full
certificate trust, this will be a problem unless of course you can afford a
wildcard certificate. I see for example you're running a certificate for
project.knowledgeforge.net for both admin and project, which causes warnings
on admin. Would it be possible to add an option to use for example a
<domain>/admin and <domain>/project structure instead? This should be
possible by simply changing the VirtualHost sections to sets of Alias-es and
<Directory ..> configurations, or is there something more complex behind
this? You probably would need to generate two different config-files, like
httpd.conf and ssl.conf and include your ssl.conf inside your VirtualHost
section for SSL, but I think it would be quite nice..

It's no high priority though, but have you thought anything about this
problem?


== Permissions ==

For us, it is vital that certain projects are inaccessible by non-members. I
understand you have put a lot of effort in building user access rights
through the domain model, it looks like good work. I really like the way
services authenticate through your python accesshandler. I have some
problems though. According to
http://project.knowledgeforge.net/kforge/trac/wiki/KforgeGuide#RolesandPermissions,
a Visitor should not have access to project services. This restriction works
fine for svn, but not for trac. Is this a known problem? (I'm running kforge
0.12 stable). This also leads to the next point..


== SVN checkout ==

Though browsing a repository through a web browser works fine when logged
in, I get an error when doing a 'svn co <URL>'. Note that I first get a
prompt stating the Authentication realm and a password request for my user
(gunjo):

svn: PROPFIND of '': 500 internal server error

The apache access log says:

visitor [17/Feb/2007:19:39:20 +0100] "PROPFIND /gunnar/svn HTTP/1.1" 401 526 "-" "SVN/1.4.2 (r22196) neon/0.25.5"
gunjo [17/Feb/2007:19:39:23 +0100] "PROPFIND /gunnar/svn HTTP/1.1" 500 661 "-" "SVN/1.4.2 (r22196) neon/0.25.5"

The kforge.log says:

[2007-02-17 19:39:20,432] Access Denied: Person 'visitor' to 'Read' object '<Plugin id='3' dateCreated='2007-02-17 16:48:46' name='svn'>': Access not authorised, by default.
[2007-02-17 19:39:23,706] Access Denied: Person 'visitor' to 'Read' object '<Plugin id='3' dateCreated='2007-02-17 16:48:46' name='svn'>': Access not authorised, by default.

And the apache error log says:

[Sat Feb 17 19:39:23 2007] [error] [client ] (9)Bad file descriptor: Could not open password file: (null)

Any thoughts?


Sorry for the lengthy mail, but I like your system, and would really like to
see it work for me :-)

Regards,  Gunnar
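
Added example, not part of the original message or of the KForge code base: a small correlation of the Apache access log with kforge.log from the message above, listing requests where the user Apache logged differs from the Person that KForge evaluated. The function names are hypothetical, and it assumes kforge.log timestamps use the same local wall clock as the access log.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the message above, with mail line wraps rejoined.
ACCESS_LOG = '''\
visitor [17/Feb/2007:19:39:20 +0100] "PROPFIND /gunnar/svn HTTP/1.1" 401 526 "-" "SVN/1.4.2 (r22196) neon/0.25.5"
gunjo [17/Feb/2007:19:39:23 +0100] "PROPFIND /gunnar/svn HTTP/1.1" 500 661 "-" "SVN/1.4.2 (r22196) neon/0.25.5"
'''
KFORGE_LOG = '''\
[2007-02-17 19:39:20,432] Access Denied: Person 'visitor' to 'Read' object '<Plugin id='3' dateCreated='2007-02-17 16:48:46' name='svn'>': Access not authorised, by default.
[2007-02-17 19:39:23,706] Access Denied: Person 'visitor' to 'Read' object '<Plugin id='3' dateCreated='2007-02-17 16:48:46' name='svn'>': Access not authorised, by default.
'''

# Access log format as shown in the message: user [time zone] "request" status size ...
ACCESS_RE = re.compile(r'^(\S+) \[([^\]]+?) [+-]\d{4}\] "(\S+) (\S+) [^"]*" (\d{3}) ')
KFORGE_RE = re.compile(r"^\[([\d-]+ [\d:]+),\d+\] Access Denied: Person '([^']+)' to '([^']+)'")

def parse_access(text):
    """Yield one dict per access log line (wall-clock time, UTC offset ignored)."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            user, ts, method, path, status = m.groups()
            yield {"time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"),
                   "user": user, "method": method, "path": path, "status": int(status)}

def parse_kforge(text):
    """Yield one dict per 'Access Denied' line in kforge.log."""
    for line in text.splitlines():
        m = KFORGE_RE.match(line)
        if m:
            ts, person, action = m.groups()
            yield {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                   "person": person, "action": action}

def identity_mismatches(access_text, kforge_text, window=timedelta(seconds=1)):
    """Requests whose Apache-logged user differs from the Person KForge denied."""
    denials = list(parse_kforge(kforge_text))
    found = []
    for req in parse_access(access_text):
        for d in denials:
            if abs(d["time"] - req["time"]) <= window and d["person"] != req["user"]:
                found.append((req["user"], d["person"], req["status"], req["path"]))
    return found

if __name__ == "__main__":
    for user, person, status, path in identity_mismatches(ACCESS_LOG, KFORGE_LOG):
        print(f"{path}: Apache user {user!r}, KForge checked {person!r}, HTTP {status}")
```

On these lines it reports the second PROPFIND: Apache logged the user as gunjo while the matching kforge.log entry denies Person 'visitor'.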