On Tue, Jun 4, 2013 at 3:56 PM, Lieven Govaerts <lgo_at_apache.org> wrote:
> On Tue, Jun 4, 2013 at 1:25 PM, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
>> On Tue, Jun 4, 2013 at 3:19 PM, Lieven Govaerts <lgo_at_apache.org> wrote:
>>> On Tue, Jun 4, 2013 at 12:55 PM, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
>>>> On Tue, Jun 4, 2013 at 2:51 PM, Lieven Govaerts <lgo_at_apache.org> wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>> see subject. Serf and ra_serf don't have smart card support at this
>>>>> moment, unlike neon.
>>>>>
>>>>> I'd expected this to be mentioned in the release notes for 1.8.0 as
>>>>> this is not new information (at least I hope so), but I can't find
>>>>> anything about it.
>>>>>
>>>> Serf doesn't support smart cards for SSL based authentication, but
>>>> SPNego (Kerberos/NTLM) smart authentication works fine.
>>>
>>> Ah, didn't know that. So you use your smart card to log in to Windows
>>> and/or to the domain, which then enables single sign-on to a
>>> Kerberos-enabled svn server right?
>>>
>> I didn't try Kerberos-enabled server. I tested using Active Directory
>> domain controller. Windows SSPI automatically uses credentials from
>> smart card used to logon to Windows.
>>
>>> In such a scenario, would you make the SSL layer additionally request
>>> a valid client certificate?
>>>
>> This performed using different API. I believe that can be handled
>> automatically by openssl when CAPI engine is enabled.
>>
>
> You are referring to a configuration where OpenSSL uses MS's CryptoAPI
> to use the Windows certificate store.
Yes.
--
Ivan Zhakov
CTO | VisualSVN | http://www.visualsvn.com
Received on 2013-06-04 14:01:46 CEST