[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TSVN does not support NTLM authentication

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: 2007-12-06 20:48:22 CET

Adrian Wilkins wrote:

> On the other hand, it would appear to be very small patch to the neon
> source to "(un) fix" it. Maybe a bit more if you wanted to be able to
> configure it. For the typical use for NTLM auth, which is over a windows
> LAN, I don't think it's such a huge thing ; people will more than likely
> instead just be typing their network password into the auth box, which
> then sends it across the network via Basic auth! I know this is the way
> I have mine configured (yes, yes, I should be using SSL). If you want,
> you could always build it yourself (it's not hard to figure out which
> code to change). I did find a post...
>
> http://osdir.com/ml/web.webdav.neon.general/2006-12/msg00039.html
>
> .. which suggests you can override this behaviour through the API (at
> the 0.26 level anyway).

Yes, you can configure this with neon > 0.26.

> This seems to have gone into the SVN sources at r21531, so it's
> supported in 1.4.2 clients upwards. It looks as simple as editing your
> servers file, creating a group for servers which you use SSPI for, and
> adding the appropriate http-auth-types = basic;digest;negotiate to the
> config.

Almost correct: it's available in Subversion built from trunk (the
upcoming 1.5), but *not* in 1.4.x - that part has not been backported
(and there's a veto vote which prevents it from ever being backported).

With a current nightly build from trunk, it's possible to edit the
servers file and activate this. If you like to try, please report back
how it works for you.

> I confess though, I've yet to get this to work. mod_sspi works fine at
> authenticating the user against the domain, using their domain password,
> but I can't get it to work seamlessly ; so I have to resort to using the
> "Basic" passthrough feature. (SSPIOfferBasic On). Which means passwords
> in plaintext.

Not the best way to do this :(
Can you try a nightly build and edit the servers file? Maybe you can get
it to work properly with http (I never tried that, and I don't have a
domain controller to test, so I have to rely on others to do that).

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Dec 6 20:48:35 2007

This is an archived mail posted to the TortoiseSVN Dev mailing list.