[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "Windows Authentication" Was: "Credentials Caching - Security Guy Not Happy" from users list

From: Max Bowsher <maxb_at_ukf.net>
Date: 2004-08-26 20:12:43 CEST

Steve Dwire wrote:
> [cross-posting to dev]
>
> OK... I'm about to expose my ignorance and Windows-centric perspective
> here...
>
> With SQL Server and the Query Analyzer client, I can log on using
> "Windows Authentication", and the server somehow magically accepts the
> credentials I used to log in to the system. I don't have to re-type my
> domain logon and password, and it's not cached anywhere. IIS and
> Internet Explorer have some means of exchanging those credentials as
> well - if everything's configured "properly."
>
> At this point, all I know is that it's possible for a server process to
> accept my existing windows domain authentication even when I'm on a
> different machine. I have no idea how that handshake works. I'm
> thinking that if we could get Subversion and Apache to work the same
> way, we would resolve the security problem with cleartext passwords and
> make life happier for most Windows domain users (and admins).
>
> Can someone a) point me to a document explaining (at a high level) how
> those existing client/server handshakes work, b) enumerate what would
> have to be added to the SVN (or TortoiseSVN) client software and apache
> mod_auth_??? to support this kind of seamless authentication mode,
> and/or c) explain why that concept just plain won't work between svn and
> Apache?

IIRC, the acronym "SSPI" has something to do with this. That is the entire
depth of my knowledge on the subject, though.

Max.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 26 20:13:10 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.