-----BEGIN PGP SIGNED MESSAGE-----
Ludek Finstrle wrote:
> Thu, Mar 13, 2008 at 03:27:18PM +0000, Matthew Richardson napsal(a):
>>> I could potentially test the SSPI functions on the msi you made previously, provided you
>>> can confirm what the test steps would be (I have access to windows servers and an Active
>>> Directory for testing).
>> Actually scratch that - it turns out that the AD maintainers here are unhappy to give me a
> What a pity.
>> keytab, even for a test account, so I can't actually do SSPI, unless there is some way I
>> can do it without an AD keytab.
OK - having done a bit more investigating, I think the lack of a keytab was a red herring,
and I've since done the following test.
Installed Apache on Windows machine joined to AD domain, set up SSPI and SSL for the /svn
folder and created a repository there.
Pointing firefox at it and watching in wireshark sees an initial 401 with
WWW-Authenticate: NTLM, and then NTLM challenge response from the client and an eventual
message from the server to the domain controller and back again, followed by the web page
being served to the client. (i.e SSPI is working to do auth against the AD domain).
With the standard TortoiseSVN install, I can checkout and commit to the repository - the
logs showing the commit user as matching my AD credentials (being read from those used for
the Windows login). However, with the version of TortoiseSVN patched for GSSAPI, I get an
immediate 401 on the PROPFIND. This unfortunately seems to imply your modifications have
stopped SSPI working.
Let me know if there are any extra tests I can do at this point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-03-14 17:55:09 CET