[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: TSVN & Apache & SSPI & SSL problems

From: Gillis, Paul <pgillis_at_insight-tek.com>
Date: Fri, 17 Oct 2008 13:07:12 -0400

>-----Original Message-----
>From: Stefan Küng [mailto:tortoisesvn_at_gmail.com]
>Sent: Friday, October 17, 2008 11:32 AM
>To: users_at_tortoisesvn.tigris.org
>Subject: Re: TSVN & Apache & SSPI & SSL problems
>
>Gillis, Paul wrote:
>> Hi Stefan,
>>
>> Yes, my client is using the very latest versions of Subversion 1.5.3
>> and TSVN 1.5.4. I did not build it. I downloaded the binaries from
>> tigris.org. The server is running 1.5.2. But I would not expect that
>> to account for my TSVN issue since my svn 1.5.3 client can
>> authenticate to the 1.5.2 server.
>>
>> Yes, I am trying this from the very same machine, my desktop
>> computer.
>>
>> The $ at the end of my SVNParentPath directive is the nomenclature to
>> denote a hidden Windows file share. I should note that I was able to
>> open my repositories with TSVN perfectly fine prior to adding the
>> directives to authenticate using the PDC. But we don't want to run
>> anonymously.
>>
>> I am certain my computer is a member of our domain. It's required
>> here.
>>
>> I was not expecting that I would have to enter my domain/username to
>> authenticate with SSPIOmitDomain on. But it failed when I entered
>> just my username so I gave it a try with domain and username and it
>> worked. This is from my svn console window so it leads me to believe
>> my problem is TSVN:
>>
>>> svn info http://vc-1/svn/myrepo
>> Authentication realm: <http://vc-1:80> Subversion repositories
>> Password for 'gillis_p': ******** Authentication realm:
>> <http://vc-1:80> Subversion repositories Username: mydomain\gillis_p
>> Password for ' mydomain\gillis_p': ******** Path: myrepo URL:
>> http://vc-1/svn/myrepo Repository Root: http://vc-1/svn/myrepo
>> Repository UUID: be8097fc-3112-874e-b525-a36b8ade6167 Revision: 300
>> Node Kind: directory Last Changed Rev: 300 Last Changed Date:
>> 2008-10-16 16:04:16 -0400 (Thu, 16 Oct 2008)
>>
>>
>> Do you have any other suggestions? I'm stumped!
>
>I see the problem now:
>The command line client doesn't compile SSPI support, it relies on the
>fallback to basic authentication for SSPI authentication. TSVN however
>supports SSPI authentication (i.e., you don't even have to enter
>username/password - the authentication is done by the OS and your
>domain). But SSPI only works for https connections, not http connections.

Would you mind clarifying this so I understand better? Perhaps there are others who share my confusion and would benefit from an explanation.

The ONLY reason I enabled sspi is to be authenticate users with the domain controller so I don't have to maintain a password file. I don't care if the svn communication is encrypted. Section 3.1.7 in the TSVN manual tells me that sspi is the way to do this hence I cannot disable sspi authentication.

I now realize that https from the Subversion client also gives me a certificate error: "The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!" I generated the certificate following the instructions in 3.1.7 of the manual. Are they incorrect or incomplete? What do I have to do to generate a trustworthy certificate that subversion and TSVN will accept?

Also... I found this strange... I can use TSVN to open my repository with http (versus https). But if I click on a folder to checkout, the OK button in the checkout dialog is not available. I've never seen this before and I assumed it was because I was not authenticated and my SSPIAuthoritative directive required it. Am I mistaken?

Thank you for your help!

- Paul

>
>So, either disable SSPI authentication and only use domain
>authentication (SSPIAuthoritative Off), or enable https to your repository.
>
>Stefan
>
>--
> ___
> oo // \\ "De Chelonian Mobile"
> (_,\/ \_/ \ TortoiseSVN
> \ \_/_\_/> The coolest Interface to (Sub)Version Control
> /_/ \_\ http://tortoisesvn.net

This e-mail message and all attachments thereto may contain technical data that is subject to export control regulations, or confidential material, and is for the sole use of the intended recipients. Review, dissemination, or other use by anyone else is prohibited. If you are not an intended recipient, please contact the sender and delete all copies.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-10-17 19:07:22 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.