Index: project_faq.html
===================================================================
--- project_faq.html	(revision 7589)
+++ project_faq.html	(working copy)
@@ -57,6 +57,8 @@
     original working copy)?</a></li> 
 <li><a href="#dumpload">What is this "dump/load cycle" people
     sometimes talk about when upgrading a Subversion server?</a></li> 
+<li><a href="#sspi">How do I allow clients to authenticate against a Windows domain controller
+    using SSPI Authentication?</a></li>
 <p>
 <strong>Troubleshooting:</strong>
 </p>
@@ -860,7 +862,32 @@
 change, and no dump/load is necessary. </p>
 
 <![CDATA[=========================================================]]>
+ 
+<h3><a name="sspi">How do I allow clients to authenticate against a
+Windows domain controller using SSPI authentication?</a></h3>
 
+<p><a href="http://tortoisesvn.tigris.org">TortoiseSVN</a> has an excellent
+document that describes setting up a Subversion server on Windows. Go
+<a href="http://tortoisesvn.tigris.org/doc/ch03.html">here</a>, then
+click on "Authentication With A Windows Domain" to see the section on
+SSPI authentication.</p>
+
+<p>An earlier version of this document left out a line:
+<pre>
+SSPIAuthBasic On
+</pre></p>
+
+<p>Without this line, a browser will prompt for the user's credentials,
+but Subversion clients will not. (The browser understands SSPI
+authentication, but the current release of Neon - Subversion's HTTP
+library - handles only basic authentication.)  Because the client never
+asks for credentials, any action that requires authentication will fail.
+Adding this line tells <tt>auth_mod_sspi</tt> to use basic authentication with
+the client, but to use the Windows domain controller to authenticate
+the credentials.</p>
+
+<![CDATA[=========================================================]]>
+
 <p>
 <hr>
 <p>