Re: TSVN 1.5 + neon enabled MIT

From: Alec Kloss <Alec.Kloss_at_oracle.com>
Date: Wed, 30 Jul 2008 11:00:09 -0500

On 2008-07-28 16:58, Stefan Küng wrote:
> Alec Kloss wrote:
>
> >I've had some success using the GSSAPI support in SASL with
> >Tortoise. It's got some nice perks compared to Negotiate auth...
> >like not needing all the hassle of setting up certificates for SSL
> >and the pesky performance problems with mod_dav_svn. And, best of
> >all, since SASL dynamically loads auth modules, you just need to
> >build it and drop it (along with the MIT libraries) into a
> >TortoiseSVN bin/ directory and everything just works.
>
> How big are those libraries of yours?

I haven't tried to get down to a minimal set, but all DLLs in MIT's
bin directory total at about 3.3 MB, the largest of which is
mfc71.dll at almost 1 MB.

If you don't want to include MIT Krb5 libraries, it'd still be nice
to include the GSSAPI module, so someone who wants MIT could arrange for
the libraries to be loadable by copying them into TortoiseSVN's bin
directory or by putting them in a directory listed in PATH.

> Do you have build instructions?

I build Cyrus SASL 2.1.22 following their win32 build notes. I
enabled GSSAPI by setting

        GSSAPI=CyberSafe
        GSSAPI_INCLUDE=\path\to\mit\kerberos\inc\krb5
        GSSAPI_LIBPATH=\path\to\mit\kerberos\lib\i386

on the nmake command line (in addition to the settings for DB),
etc. The whole thing for me looked something like this:

nmake -f NTMakefile
DB_INCLUDE=z:\cellname.com\user\ajk\cyrus-sasl\db-4.3.28\build_win32
DB_LIBPATH=z:\cellname.com\user\ajk\cyrus-sasl\db-4.3.28\build_win32\Release
GSSAPI=CyberSafe GSSAPI_INCLUDE=c:\Progra~1\Mit\Kerberos\inc\krb5
GSSAPI_LIBPATH=c:\Progra~1\Mit\Kerberos\lib\i386 DB_LIB=libdb43.lib
CFG=Release

> >Stefan, any thoughts about including the GSSAPI module in the SASL
> >you build with Tortoise? I found that, if the MIT libraries aren't
> >present, SASL quietly eats the load error and disables GSSAPI.
> >Worst case, the SVN library reports that it can't negotiate
> >authentication with the server... it's pretty slick. Or, you
> >could probably bundle MIT Kerberos for Windows in Tortoise. As I
> >read the license on their source code, you can do pretty much
> >whatever you want with MIT Kerberos, except possible export it
> >and use MITs name to advertise.
>
> It depends on how big the libraries are. And if we can build them
> without patching the sourcecode.

-- 
Oracle Confidential Information        
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

application/pgp-signature attachment: stored

Received on 2008-07-30 18:00:26 CEST

This message: [ Message body ]
Next message: Arcady Volman: "Re: "normal" items in "Check for modifications" with "Show unmodified files" unchecked (TortoiseSVN 1.5.1, Build 13563)"
Previous message: Simon Large: "Re: [Fwd: What are the switches and params for merging with WinMerge?]"
In reply to: Stefan Küng: "Re: TSVN 1.5 + neon enabled MIT"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]