[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Should missing smart card support not be added in the release notes?

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Tue, 4 Jun 2013 15:25:07 +0400

On Tue, Jun 4, 2013 at 3:19 PM, Lieven Govaerts <lgo_at_apache.org> wrote:
> On Tue, Jun 4, 2013 at 12:55 PM, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
>> On Tue, Jun 4, 2013 at 2:51 PM, Lieven Govaerts <lgo_at_apache.org> wrote:
>>> Hi,
>>>
>>>
>>> see subject. Serf and ra_serf don't have smart card support at this
>>> moment, unlike neon.
>>>
>>> I'd expected this to be mentioned in the release notes for 1.8.0 as
>>> this is not new information (at least I hope so), but I can't find
>>> anything about it.
>>>
>> Serf doesn't support smart cards for SSL based authentication, but
>> SPNego (Kerberos/NTLM) smart authentication works fine.
>
> Ah, didn't know that. So you use your smart card to log in to Windows
> and/or to the domain, which then enables single sign-on to a
> Kerberos-enabled svn server right?
>
I didn't try Kerberos-enabled server. I tested using Active Directory
domain controller. Windows SSPI automatically uses credentials from
smart card used to logon to Windows.

> In such a scenario, would you make the SSL layer additionally request
> a valid client certificate?
>
This performed using different API. I believe that can be handled
automatically by openssl when CAPI engine is enabled.

-- 
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-06-04 13:26:00 CEST

This is an archived mail posted to the Subversion Dev mailing list.