[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Request: Kerberos/GSSAPI/SSPI and TortoisePlink in TortoiseSVN, TortoiseGIT and TortoiseHG too?

From: Joseph Galbraith <galb_at_vandyke.com>
Date: Thu, 03 Mar 2011 16:25:12 -0700

On 03/03/2011 12:28, Stefan Küng wrote:
> On 03.03.2011 08:34, jonathan d p ferguson wrote:
>> hi.
>>
>> Awesome TortoiseSVN devs:
>>
>> Thank you for creating such an awesome product. It sees thousands of
>> hours of use where I teach. :-)
>>
>> I've been following the thread of Kerberos/GSSAPI integration into
>> the PuTTY suite for some time now. There have been a number of ports
>> by various people that work. I noticed today (in revisiting the
>> thread) that basic support for Kerberos was added in r8952. Lest I'm
>> mistaken, it appears that the last time TortoisePlink synched was at
>> r8934, aka PuTTY version 0.59. The current revision for PuTTY is
>> r9117, though I am unaware of any imminent 0.61 release from the
>> PuTTY developers.
>>
>> I searched the TortoiseSVN developer's list archive/forum for related
>> topics and didn't see anything recent on this topic. I have not
>> attempted to update this tree myself, though I can authenticate over
>> Kerberos/GSSAPI with my own build of PuTTY/Plink r9117. My past
>> attempts to use a different Plink executable (ie, Plink with GSSAPI
>> support) with TortoiseSVN were too shaky for deployment.
>>
>> Could you please investigate the possibility of updating the Plink
>> submodule? As the PuTTY developers haven't yet blessed a release, I'm
>> not 100% sure that GSSAPI support is "ready," but it bears asking.
>> Adding such support infers a dynamically linked dependency on the
>> relevant Kerberos provider libraries (GSSAPI/SSPI). That linkage is
>> now handled by PuTTY/Plink itself.
>>
>> If this feature enters Tortoise{SVN,GIT,HG}, users of
>> Kerberos/GSSAPI/SSPI authentication will thank you. :-) I notice that
>> Kerberos/SSPI appears to be handled by libneon when authenticating
>> over HTTPS. It would be most excellent if a similar capability was
>> supported for SSH.
>>
>> The user story here is:
>>
>> "A user of Tortoise{SVN,GIT,HG} would like to authenticate against an
>> SSH-based {SVN,GIT,HG} server using Kerberos/GSSAPI/SSPI such that if
>> she has current credential tickets (and the server is authorized
>> against the kdc) she will not need to type a password to access the
>> repository behind the SSH service."
>>
>> Thoughts?
>
> On trunk, I've updated TortoisePlink to use version 0.61 of Plink. It
> has GSSAPI support, but: it only works for 32-bit. The 64-bit build
> doesn't support it, but of course it doesn't really matter because there
> are no 64-bit builds of kerberos for windows available anyway.

It is somewhat tricky to track down, but it is out there.

   http://www.secure-endpoints.com/#kfw

Whether 64-bit plink will work with it is another story...

Thanks,

Joseph

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2709426

To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-03-04 00:25:27 CET

This is an archived mail posted to the TortoiseSVN Dev mailing list.