Gillis, Paul wrote:
> I was mistakenly under the impression that I had to enable SSPI to
> use Windows domain authentication. It's just the way I read it in
> the manual. So if I understand correctly, mod_auth_sspi with AuthType
> SSPI would have tried to authenticate me without prompting for
> username and password again and with AuthType Basic it will instead
> always prompt me for a username and password. Is that right? What I
> want to avoid are anonymous commits by anybody. That's why I was
> tying to force SSPI.
You could also leave it as it is now. TSVN will first try SSPI, and if
that doesn't work it falls back to basic authentication with your
domain. From your last mail it seems that this works already.
>>> I now realize that https from the Subversion client also gives me
>>> a certificate error: "The certificate is not issued by a trusted
>>> authority. Use the fingerprint to validate the certificate
>>> manually!" I generated the certificate following the instructions
>>> in 3.1.7 of the manual. Are they incorrect or incomplete? What
>>> do I have to do to generate a trustworthy certificate that
>>> subversion and TSVN will accept?
>> You would have to buy a certificate from a trusted company, a so
>> called "certificate authority":
> It looks like I can choose to accept the untrusted certificate
> permanently and not be bothered by this. Or, if I disable SSPI, I
> should not see it at all.
That has nothing to do with SSPI. Well, at least not much :)
You would also get this dialog for 'normal' https connections where you
don't even have authentication set up. But since you're using http, it's
really SSPI which triggers this (at least I assume, I don't know how
your domain controller is set up).
And yes, you can permanently accept this certificate and then you won't
get bothered again.
Or, you could install your manually created certificate on all client
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net
Received on 2008-10-17 20:07:28 CEST