[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mod_auth_kerb and usernames

From: Michael Richters <michael.richters_at_gmail.com>
Date: 2007-03-10 00:04:53 CET

On Fri, Mar 09, 2007 at 02:16:51PM -0700, Wesley J. Landaker wrote:
> On Friday 09 March 2007 12:53, Michael Richters wrote:
> > When using apache with mod_auth_kerb, $REMOTE_USER contains the whole
> > kerberos principal name, including "@REALM". This makes it difficult
> > to maintain a repository that uses both mod_auth_kerb and some other
> > method of access. Is there any way to configure subversion so that
> > the realm is stripped from the username?
>
> I ran across this problem in one installation and ended up concluding that
> to get it to work I'd have to either hack the mod_auth_kerb source, which
> would be easy but a pain to track on upgrades, etc, or use principal@REALM
> for usernames in SVN, which would be unacceptable.
>
> So instead, I just used mod_auth_pam at let the Linux PAM system handle the
> kerberos authentication transparently instead.

Does mod_auth_pam do SPNEGO authentication, allowing the users to use
their kerberos tickets to authenticate without the use of passwords?

  --Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Mar 10 00:05:17 2007

This is an archived mail posted to the Subversion Users mailing list.