[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion and SSPI

From: Adrian Wilkins <adrian.wilkins_at_gmail.com>
Date: 2007-06-05 12:00:52 CEST

On 04/06/07, Rich <rich.littlejohn@gmail.com> wrote:
> Hi,
> Sorry to contact you off-list but I saw your post on the TortoiseSVN
> list entitled "Transparent SSPI Auth works in 7501, broken in 8645" I'm not
> a subscriber so I can't reply on list but I ran into exactly the same issue
> today. After digging around for quite a while I found that the HTTP library
> that that use in TortoiseSVN (Neon) has disabled SSPI Authentication for
> non-SSL connections - see here (http://mailman.webdav.org/pipermail/neon/2006-December/002334.html) for details. I've found that enabling SSL on
> the server has got rid of those annoying logon prompts again.
>

That's a solution, but I don't fancy the tedium of getting all my
users to change to https:// links or of setting up SSL on my apache
install. It's an internal server and I really don't care too much
about the insecure nature of NTLM over HTTP.

The trunk (1.5) has a new option for the servers file -
http-auth-types , which allows you to control which auth types the
Neon library uses on a per-server basis. That would be great for me
but I can't really go to 1.5 yet because I'm working on projects that
use 1.4 clients that have no 1.5 equivalent release yet. I had a look
at the source and the devs have chosen not to backport this to the 1.4
branch. The thread discussing this is
http://svn.haxx.se/dev/archive-2006-10/0224.shtml - Joe Orton alludes
to this in his post on the Neon list.

On the whole, I'm not too bothered - my users are used to using their
NTLM credentials over Basic. I have a feeling that some patch that IT
Services have inflicted on us may have broken mod_sspi on the server
anyway because TSVN build 7501 has stopped working for me. It's just
that niggling little splinter in your mind when something doesn't
work... :-)

I don't know whether setting http-auth-types = negotiate will force
the use of SSPI over plain HTTP though. It would be nice to find that
out.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Tue Jun 5 12:01:15 2007

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.