[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TSVN 1.5 + neon enabled MIT

From: Alec Kloss <Alec.Kloss_at_oracle.com>
Date: Wed, 30 Jul 2008 11:00:09 -0500

On 2008-07-28 16:58, Stefan Küng wrote:
> Alec Kloss wrote:
> >I've had some success using the GSSAPI support in SASL with
> >Tortoise. It's got some nice perks compared to Negotiate auth...
> >like not needing all the hassle of setting up certificates for SSL
> >and the pesky performance problems with mod_dav_svn. And, best of
> >all, since SASL dynamically loads auth modules, you just need to
> >build it and drop it (along with the MIT libraries) into a
> >TortoiseSVN bin/ directory and everything just works.
> How big are those libraries of yours?

I haven't tried to get down to a minimal set, but all DLLs in MIT's
bin directory total at about 3.3 MB, the largest of which is
mfc71.dll at almost 1 MB.

If you don't want to include MIT Krb5 libraries, it'd still be nice
to include the GSSAPI module, so someone who wants MIT could arrange for
the libraries to be loadable by copying them into TortoiseSVN's bin
directory or by putting them in a directory listed in PATH.

> Do you have build instructions?

I build Cyrus SASL 2.1.22 following their win32 build notes. I
enabled GSSAPI by setting


on the nmake command line (in addition to the settings for DB),
etc. The whole thing for me looked something like this:

nmake -f NTMakefile
GSSAPI=CyberSafe GSSAPI_INCLUDE=c:\Progra~1\Mit\Kerberos\inc\krb5
GSSAPI_LIBPATH=c:\Progra~1\Mit\Kerberos\lib\i386 DB_LIB=libdb43.lib

> >Stefan, any thoughts about including the GSSAPI module in the SASL
> >you build with Tortoise? I found that, if the MIT libraries aren't
> >present, SASL quietly eats the load error and disables GSSAPI.
> >Worst case, the SVN library reports that it can't negotiate
> >authentication with the server... it's pretty slick. Or, you
> >could probably bundle MIT Kerberos for Windows in Tortoise. As I
> >read the license on their source code, you can do pretty much
> >whatever you want with MIT Kerberos, except possible export it
> >and use MITs name to advertise.
> It depends on how big the libraries are. And if we can build them
> without patching the sourcecode.

Oracle Confidential Information        
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

  • application/pgp-signature attachment: stored
Received on 2008-07-30 18:00:26 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.