[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: supporting multiple kerberos principle in Authorization file

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Sat, 16 May 2009 22:37:31 +0400

Greetings, shantanu vibhore!

> I have been using subversion for path based authorization and hit a road
> block. I have users who access the same repository with multiple kerberos
> credentials. The authorization file specifies that you need to put them in
> the aliases section.

> [aliases]

> usera = usera<kerberos realm>

> Now if I have users accessing these repository through multiple principles
> for e.g usera<realmA> and usera<realmB>. I have two ways here

> Either I will have to group them together or try a way to rip of the realm
> in the apache kerberos module. Any body having a solution will be great.

At all times, if you can get rid of all unnecessary bloating in user
identification before passing user names to Subversion and still maintain user
authentity, do so.

I've been hit by that question, too, in environment with multiple authoritative
domains. Stripping leading <domainname>\ did the trick without cluttering svnauthz. 

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 16.05.2009, <22:33>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2283186
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-16 20:41:22 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.