[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN and MIT Kerberos for Windows

From: Matthew Richardson <M.Richardson_at_ed.ac.uk>
Date: Fri, 14 Mar 2008 16:54:20 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ludek Finstrle wrote:
> Hello
>
> Thu, Mar 13, 2008 at 03:27:18PM +0000, Matthew Richardson napsal(a):
>>> I could potentially test the SSPI functions on the msi you made previously, provided you
>>> can confirm what the test steps would be (I have access to windows servers and an Active
>>> Directory for testing).
>> Actually scratch that - it turns out that the AD maintainers here are unhappy to give me a
>
> What a pity.
>
>> keytab, even for a test account, so I can't actually do SSPI, unless there is some way I
>> can do it without an AD keytab.

OK - having done a bit more investigating, I think the lack of a keytab was a red herring,
and I've since done the following test.

Installed Apache on Windows machine joined to AD domain, set up SSPI and SSL for the /svn
folder and created a repository there.

Pointing firefox at it and watching in wireshark sees an initial 401 with
WWW-Authenticate: NTLM, and then NTLM challenge response from the client and an eventual
message from the server to the domain controller and back again, followed by the web page
being served to the client. (i.e SSPI is working to do auth against the AD domain).

With the standard TortoiseSVN install, I can checkout and commit to the repository - the
logs showing the commit user as matching my AD credentials (being read from those used for
the Windows login). However, with the version of TortoiseSVN patched for GSSAPI, I get an
immediate 401 on the PROPFIND. This unfortunately seems to imply your modifications have
stopped SSPI working.

Let me know if there are any extra tests I can do at this point.

Matthew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH2q28QwGHl7Fegc8RAh3oAJ94ExI8ALddk/zQOs8QL9e2r6S3wwCdEp01
1qYwuam4IkWpKRWLheECJcI=
=wBr/
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-03-14 17:55:09 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.