[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN - Delegate kerberos credential

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 14 Apr 2015 21:06:36 +0200

On 14.04.2015 17:12, Ionut Craciunescu wrote:
> Hello,
>
> I setup our SVN server for AD SSO by using Apache, DAV module, keberos authentication and ldap authorization.
>
> The goal is to have full AD integration: SSO on user side (implies kerberos authentication) and use AD groups for authorization.
>
> From functionality point of view, everything works just fine, we have full AD SSO, users are able to do all required actions and we are able to use AD groups for authorization.
>
> The downside of this setup is that Kerberos authentication induces an observable slowness when a commit\checkout of a large number of files takes places. Authentication is performed for each file that has to be committed\checked out.
>
> I was wondering if enabling kerberos credential saving (KrbSaveCredentials On) on server side will speed up things.
>
> I configured the server for credential saving. For example when I access the repo via browser I can see the credentials being cached on the server and in the server logs the message "the client delegate us their credential" .
>
> But when I access the repo via TortoiseSVN, kerberos credentials are not saved on the server; the client does not delegate\forward credentials. Is this something that can be configured on TortoiseSVN side ?
>
> Do other users reported any slowness when using Kerberos auth ?

First, make sure the user GUEST is not active or does even exist on the
server. If that user exists, the authentication is always tried first
with that user and when that fails the real user is tried (the auth is
always tried first with the user that has the least privileges and then
tried with higher privileged users).

If that doesn't help, you can try editing the servers file (settings
dialog, network, click the edit button).
There you can configure the networking options of svn clients.
I think the 'http-timeout' option which is set to 60 seconds by default
might help.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3112647
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2015-04-14 21:06:38 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.