[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Antwort: Re: Linux mod_auth_ntlm_winbind and TortoiseSVN

From: Ludek Finstrle <ludek.finstrle_at_pzkagis.cz>
Date: Thu, 2 Oct 2008 16:18:59 +0200


Thu, Oct 02, 2008 at 03:41:34PM +0200, Rudolf.Lippert_at_Proleit.de napsal(a):
> I have noticed the mod_auth_kerb module, but I haven't been able to figure
> out what I need to do to make it work. It seem much more complicated than
> winbind. Still, if one works and the other doesn't, I'll go for kerb.
> Could you explain how you got SSO working?

I don't think so. Here you're steps:

1) create account for machine in AD and export host keytab
   HTTP/<FQDN> of apache host - IP where apache is listening on
   (forward "A" and reverse "PTR" DNS entry have to match)
2) put the keytab with enough secure permissions to apache host
   apache process has to have rights to read this keytab
3) configure mod_auth_kerb this way:
LoadModule auth_kerb_module modules/mod_auth_kerb.so
AuthType Kerberos
AuthName "Whatever you want"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbAuthoritative on
KrbAuthRealms <your REALM = AD domain name>
KrbServiceName HTTP/<FQDN of apache host>@<domain>
Krb5Keytab /path/to/keytab/file.keytab
# this should provide some speed up
KrbSaveCredentials on

That's all. Do you still think it's hard to setup? ;o)

> Dekuji moc,

Neni zac,

> Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> schrieb am 02.10.2008 15:26:55:
> > Wed, Oct 01, 2008 at 10:35:43AM +0200, Rudolf.Lippert_at_Proleit.de
> napsal(a):
> > > I have a problem with at least two edges here:
> > > First:: mod_auth_ntlm_winbind does not support NTLM over HTTPS, while
> > > TortoiseSVN does not support NTLM without HTTPS. At least, this is my
> > > understanding so far.
> >
> > Hello,
> >
> > another point of view. Isn't mod_auth_kerb enough for you? Do you
> > really need ntlm auth? I've working SSO using windows AD as kerberos
> > server and a lot of win clients using it without typing their passwords.
> > I'm sorry I have no ntlm configuration at all.
> >
> > Regards,
> >
> > Luf

To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-10-02 16:20:14 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.