According to:
http://tortoisesvn.net/docs/nightly/TortoiseSVN_en/help-onepage.html#tsvn-serversetup-apache-6
it should be possible to set up Apache to authenticate to both SSPI and a password file.
I'm trying to get this working on a Windows Apache 2.2 server, but without success. SSPI works on its own, and the password file works on its own. But if I try to use both together, as described, then authenticating against the SSPI works but authenticating against the password file fails.
I'm wondering: does this solution simply not work on Apache 2.2.x due to changes to the authentication/authorization setup in Apache 2.2.x?
I'm interested to know if anyone else has tried this on Apache 2.2.x, and if you ended in success or failure.
See also this forum message:
https://sourceforge.net/projects/mod-auth-sspi/forums/forum/550583/topic/3565821/index/page/1
I have the exact same issue you described - trying to set up both SSPI and Basic/password file authentication for Subversion on Apache 2.2.14. This setup currently works for me on Apache 2.0.58. Here is the Location configuration snippet I've tried (works on Apache 2.0.58 but not on 2.2.14):
<Location /svn>
DAV svn
SVNListParentPath on
SVNParentPath C:/svn_repository
SSLRequireSSL
AuthType Basic
#AuthAuthoritative Off
AuthName "Subversion repositories"
AuthUserFile C:/svn_repository/password-file
AuthType SSPI
SSPIAuth On
SSPIAuthoritative Off
SSPIOfferSSPI Off
SSPIOfferBasic On
SSPIBasicPreferred On
#SSPIDomain mydomain
Require valid-user
</Location>
Like in your case, SSPI and password-file authentication work separately but not together. Hope this helps.
I found a workaround for Apache 2.2 that worked for me, courtesy of http://krangsquared.blogspot.com/2008/02/configuring-subversion-authentication.html. The idea is defining two "Location" elements in Apache 2.2 config - one for Windows AD authentication (for most internal svn users) and one Basic password-file authentication (for the few external or non-Windows domain users). This essentially creates two virtual URLs to the same svn repository allowing two distinct authentication methods - not perfect, but better than being stuck on Apache 2.0. Here is an example:
#This Location is for Windows AD authentication only
<Location /svn>
DAV svn
SVNListParentPath on
SVNParentPath C:/svn_repository
SSLRequireSSL
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain somedomain
Require valid-user
</Location>
#This location is for Basic password-file based authentication for external users
<Location /svnext>
DAV svn
SVNListParentPath on
SVNParentPath C:/svn_repository
SSLRequireSSL
AuthType Basic
#AuthAuthoritative Off
AuthName "Subversion repositories"
AuthUserFile C:/svn_repository/password-file
Require valid-user
</Location>
HTH