[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: TSVN does not support NTLM authentication

From: Wyss Clemens (Helbling Technik) <clemens.wyss_at_helbling.ch>
Date: 2007-12-10 16:06:28 CET

>Can you try a nightly build and edit the servers file?
unfortunately I cannot build from sources. Could you provide me with a "custom build"? I will then testrun it in my/our environment?

-----Original Message-----
From: Stefan Küng [mailto:tortoisesvn@gmail.com]
Sent: Donnerstag, 6. Dezember 2007 20:48
To: dev@tortoisesvn.tigris.org
Subject: Re: TSVN does not support NTLM authentication

Adrian Wilkins wrote:

> On the other hand, it would appear to be very small patch to the neon
> source to "(un) fix" it. Maybe a bit more if you wanted to be able to
> configure it. For the typical use for NTLM auth, which is over a
> windows LAN, I don't think it's such a huge thing ; people will more
> than likely instead just be typing their network password into the
> auth box, which then sends it across the network via Basic auth! I
> know this is the way I have mine configured (yes, yes, I should be
> using SSL). If you want, you could always build it yourself (it's not
> hard to figure out which code to change). I did find a post...
>
> http://osdir.com/ml/web.webdav.neon.general/2006-12/msg00039.html
>
> .. which suggests you can override this behaviour through the API (at
> the 0.26 level anyway).

Yes, you can configure this with neon > 0.26.

> This seems to have gone into the SVN sources at r21531, so it's
> supported in 1.4.2 clients upwards. It looks as simple as editing your
> servers file, creating a group for servers which you use SSPI for, and
> adding the appropriate http-auth-types = basic;digest;negotiate to the
> config.

Almost correct: it's available in Subversion built from trunk (the upcoming 1.5), but *not* in 1.4.x - that part has not been backported (and there's a veto vote which prevents it from ever being backported).

With a current nightly build from trunk, it's possible to edit the servers file and activate this. If you like to try, please report back how it works for you.

> I confess though, I've yet to get this to work. mod_sspi works fine at
> authenticating the user against the domain, using their domain
> password, but I can't get it to work seamlessly ; so I have to resort
> to using the "Basic" passthrough feature. (SSPIOfferBasic On). Which
> means passwords in plaintext.

Not the best way to do this :(
Can you try a nightly build and edit the servers file? Maybe you can get it to work properly with http (I never tried that, and I don't have a domain controller to test, so I have to rely on others to do that).

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Mon Dec 10 16:06:46 2007

This is an archived mail posted to the TortoiseSVN Dev mailing list.