Re: NT domains and SVN (was IIS WebDAV (Once again))

Branko Čibej wrote:

> Jim Geist wrote:
>
>> One reason is it would be nice to be able to use NT domain
>> credentials for
>> authentication if you're running SVN in a Windows environment. I
>> don't think
>> it would be hard to do under IIS, but I don't see any way to get
>> Apache to
>> do it. But then, I'm still learning Apache, so maybe there's a module
>> I'm
>> not aware of.
>>
>> Anyone know? We're about to deploy SVN, and it would be cool to not
>> have to
>> maintain two user databases :-)
>>
>>
> If you run Apache on Windows, you can use mod_auth_sspi. On Unix, I
> use a combination of mod_auth_pam for Apache and pam_smb_auth; so
> Apache uses generic PAM authentication calls, and the PAM module talks
> to an NT domain controller.
>
> I suppose it should be possible to authenticate against an Active
> Directoiry server with mod_auth_ldap, but I've not tried that yet.

Yes, it is quite possible. We are doing this in fact. We run subversion
under apache2 on a linux box and authenticate to AD. Go look at

http://modauthkerb.sourceforge.net/

The only snag we've run into happened because the principal name is
formed from the Host in the request, which in our case didn't work. This
was easy to fix.

-- 
Jens B. Jorgensen
jens.jorgensen@tallan.com
"With a focused commitment to our clients and our people, we deliver value through customized technology solutions"  
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org