[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[Issue 1844] SVN can be authenticated with SSPI/NTLM

From: Serge Gotvansky <Serge.Gotvansky_at_materialise.kiev.ua>
Date: 2005-07-13 15:18:13 CEST

I would like to inform everybody that I managed to make SVN being
authenticated in Apache via SSPI/NTLM as well with proxy on Microsoft ISA

At the first here is our system configuration:

* Local SVN Server:

* svn server works as a module behind Apache 2 running on some
Microsoft Server
* sspi_auth_module as an authentication module alowing both Basic and
SSPI/NTLM authentication. Passwords are checked in NT domain.
* authz_svn_module as an authorization module

* Proxy Server

* Microsoft ISA Proxy server allowing NTLM, Kerberos and Kerberos
authentication to pass outside local network

* Client

* svn 1.2.0 and TortoiseSVN running on Microsoft workstations
* we access local svn repositories and remote via http and https

As it's known svn supports only Basic and Digest authentication by default.
But it uses neon with SSPI implemented in the latest release (I actually
used 0.25.2). Theirs config.hw.in contains HAVE_SSPI define by default.
All u need to enable NTLM SSPI support in svn is just rebuild svn with the
latest neon library.
Then it's possible to enable svn being authenticated in ISA proxy server.
subversion/libsvn_ra_dav/session.c contains a code enabling authentication
in proxy only if u specify username in registry (http-proxy-username item).
I attached a patch that avoids this.
Then I rebuild TortoiseSVN with updated svn libraries and neon and I found
that everything works:

* svn/tortoise can be authenticated in Apache with SSPI/NTLM as well
as Basic
* svn/tortoise can pass local ISA server authenticated with SSPI/NTLM
and SSPI/Negotiate
* all of this work via HTTP as well as HTTPS.

So my team is working with it and I didn't find any problems yet. May be
other guys can look at it?
With Best Regards
Serge Gotvansky


RSM Team Lead
Materialise Ukraine
vul. Heroiv Kosmosu 4
03148 Kyiv
Tel: +380 (44) 247-19-80 (extension 217)
Fax: +380 (44) 247-19-81
e-mail: Serge.Gotvansky@materialise.kiev.ua
web: http://www.materialise.com <http://www.materialise.com/>

This e-mail and its attachments may contain confidential information. It is
intended solely for the use of the addressee(s) named herein. Any use of the
information contained herein by other persons is prohibited. If you have
received this e-mail by mistake, please immediately notify the sender and
permanently delete the original as well as any copy thereof. Materialise NV
does not accept any liability for the contents of this e-mail and its

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Jul 13 15:25:05 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.