Re: On backporting r21531 to 1.4.x.

From: Mark Phippard <markp_at_softlanding.com>
Date: 2006-10-09 22:32:34 CEST

Stefan Küng <tortoisesvn@gmail.com> wrote on 10/09/2006 04:25:08 PM:

> The best way to deal with this would be:
>
> * option in the servers config file
> * if SSPI is disabled in the config file, never use it
> * if the option is not set, first try with SSPI, then try without SSPI.

In general I think I agree with you -- based on your previous messages.

That being said, suppose SSPI is enabled and I am using it. I connect to
a repository, it correctly authenticates me as my ID via SSPI. I try to
access something I am not authorized to. Won't I now get prompted for
username and password? Is that really the behavior we want?

What would happen in authz scenarios where you are not authorized to a
subset of files, such as on a checkout or log? Presumably in these
scenarios it would just work like it does today and silently not include
those files.

Perhaps SSPI should be treated somewhat like SSL client certs or proxies?
Off by default, turn it on if you need it as it is an "advanced"
authentication method.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Oct 9 22:32:48 2006

This message: [ Message body ]
Next message: Daniel Rall: "Re: On backporting r21531 to 1.4.x."
Previous message: Stefan Küng: "Re: On backporting r21531 to 1.4.x."
In reply to: Stefan Küng: "Re: On backporting r21531 to 1.4.x."
Next in thread: Stefan Küng: "Re: On backporting r21531 to 1.4.x."
Reply: Stefan Küng: "Re: On backporting r21531 to 1.4.x."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]