[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Antwort: Re: Antwort: Re: Linux mod_auth_ntlm_winbind and TortoiseSVN

From: <Rudolf.Lippert_at_Proleit.de>
Date: Mon, 6 Oct 2008 11:44:47 +0200

Hi Luf!

I wish it was that easy. I got a domain admin to create a keytab for me
and installed it according to http://grolmsnet.de/kerbtut. But I still get
a 401 response and no log messages whatsoever.
What am I missing?

Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> schrieb am 02.10.2008 16:18:59:

> Hello,
>
> Thu, Oct 02, 2008 at 03:41:34PM +0200, Rudolf.Lippert_at_Proleit.de
napsal(a):
> > I have noticed the mod_auth_kerb module, but I haven't been able to
figure
> > out what I need to do to make it work. It seem much more complicated
than
> > winbind. Still, if one works and the other doesn't, I'll go for kerb.
> > Could you explain how you got SSO working?
>
> I don't think so. Here you're steps:
>
> 1) create account for machine in AD and export host keytab
> HTTP/<FQDN> of apache host - IP where apache is listening on
> (forward "A" and reverse "PTR" DNS entry have to match)
> (http://technet.microsoft.com/en-us/library/bb742433.aspx)
> 2) put the keytab with enough secure permissions to apache host
> apache process has to have rights to read this keytab
> 3) configure mod_auth_kerb this way:
> LoadModule auth_kerb_module modules/mod_auth_kerb.so
> ...
> AuthType Kerberos
> AuthName "Whatever you want"
> KrbMethodNegotiate on
> KrbMethodK5Passwd on
> KrbAuthoritative on
> KrbAuthRealms <your REALM = AD domain name>
> KrbServiceName HTTP/<FQDN of apache host>@<domain>
> Krb5Keytab /path/to/keytab/file.keytab
> # this should provide some speed up
> KrbSaveCredentials on
>
> That's all. Do you still think it's hard to setup? ;o)
>
> > Dekuji moc,
>
> Neni zac,
>
> Luf
>
> > Ludek Finstrle <ludek.finstrle_at_pzkagis.cz> schrieb am 02.10.2008
15:26:55:
> >
> > > Wed, Oct 01, 2008 at 10:35:43AM +0200, Rudolf.Lippert_at_Proleit.de
> > napsal(a):
> > > > I have a problem with at least two edges here:
> > > > First:: mod_auth_ntlm_winbind does not support NTLM over HTTPS,
while
> > > > TortoiseSVN does not support NTLM without HTTPS. At least, this is
my
> > > > understanding so far.
> > >
> > > Hello,
> > >
> > > another point of view. Isn't mod_auth_kerb enough for you? Do you
> > > really need ntlm auth? I've working SSO using windows AD as kerberos
> > > server and a lot of win clients using it without typing their
passwords.
> > > I'm sorry I have no ntlm configuration at all.
> > >
> > > Regards,
> > >
> > > Luf
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
> For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
>
Received on 2008-10-06 11:41:19 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.