
Re: Antwort: Re: Linux mod_auth_ntlm_winbind and TortoiseSVN

From: Ludek Finstrle <ludek.finstrle_at_pzkagis.cz>
Date: Thu, 2 Oct 2008 16:18:59 +0200

Hello,

Thu, Oct 02, 2008 at 03:41:34PM +0200, Rudolf.Lippert_at_Proleit.de wrote:
> I have noticed the mod_auth_kerb module, but I haven't been able to figure
> out what I need to do to make it work. It seems much more complicated than
> winbind. Still, if one works and the other doesn't, I'll go for kerb.
> Could you explain how you got SSO working?

I don't think so. Here are your steps:

1) create account for machine in AD and export host keytab
   HTTP/<FQDN> of apache host - IP where apache is listening on
   (forward "A" and reverse "PTR" DNS entry have to match)
   (http://technet.microsoft.com/en-us/library/bb742433.aspx)
2) put the keytab on the apache host with sufficiently secure permissions
   (the apache process has to have rights to read this keytab)
3) configure mod_auth_kerb this way:
LoadModule auth_kerb_module modules/mod_auth_kerb.so
...
AuthType Kerberos
AuthName "Whatever you want"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <your REALM = AD domain name>
KrbServiceName HTTP/<FQDN of apache host>@<domain>
Krb5Keytab /path/to/keytab/file.keytab
# this should provide some speed up
KrbSaveCredentials on

That's all. Do you still think it's hard to set up? ;o)

> Thank you very much,

You're welcome,

Luf
 
> Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> wrote on 02.10.2008 15:26:55:
>
> > Wed, Oct 01, 2008 at 10:35:43AM +0200, Rudolf.Lippert_at_Proleit.de wrote:
> > > I have a problem with at least two edges here:
> > > First: mod_auth_ntlm_winbind does not support NTLM over HTTPS, while
> > > TortoiseSVN does not support NTLM without HTTPS. At least, this is my
> > > understanding so far.
> >
> > Hello,
> >
> > another point of view. Isn't mod_auth_kerb enough for you? Do you
> > really need ntlm auth? I have working SSO using windows AD as kerberos
> > server and a lot of win clients using it without typing their passwords.
> > I'm sorry I have no ntlm configuration at all.
> >
> > Regards,
> >
> > Luf

Received on 2008-10-02 16:20:14 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.
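
Added example, not part of the archived mail or of mod_auth_kerb: a pre-flight check for steps 1 and 2 above. It verifies that the forward "A" and reverse "PTR" entries of the apache host match and that the keytab is readable by the apache user without being exposed to other local users. The function names and the command-line usage are hypothetical.

```python
import grp, os, pwd, socket, stat, sys

def check_keytab(path, uid, gids):
    """Return problems with keytab permissions for a process running as uid/gids."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & stat.S_IRWXO:
        problems.append(f"{path}: mode {mode:04o} grants access to all local users")
    if mode & stat.S_IWGRP:
        problems.append(f"{path}: mode {mode:04o} is group-writable")
    # Unix picks exactly one permission class: owner, else group, else other.
    if st.st_uid == uid:
        bit = stat.S_IRUSR
    elif st.st_gid in gids:
        bit = stat.S_IRGRP
    else:
        bit = stat.S_IROTH
    if uid != 0 and not mode & bit:
        problems.append(f"{path}: not readable by uid {uid}")
    return problems

def check_dns(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return problems if the A record of fqdn and the PTR of its address disagree."""
    try:
        ip = forward(fqdn)
        ptr = reverse(ip)[0]
    except OSError as exc:
        return [f"{fqdn}: DNS lookup failed: {exc}"]
    if ptr.rstrip(".").lower() != fqdn.rstrip(".").lower():
        return [f"{fqdn} -> {ip} -> {ptr}: forward and reverse DNS do not match"]
    return []

if __name__ == "__main__":
    # Hypothetical usage: preflight.py <apache FQDN> <keytab path> <apache user>
    fqdn, keytab, user = sys.argv[1:4]
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    found = check_dns(fqdn) + check_keytab(keytab, pw.pw_uid, gids)
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

The DNS check uses the system resolver, so a local hosts-file entry for the apache host can mask a mismatch that clients would see in real DNS.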