[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication With Samba

From: Laurent CHASTEL <lchastel_at_hotmail.com>
Date: 2005-06-13 21:34:23 CEST

Hello,

I'm using Apache + samba for authentication and it works fine for me.
To manage autorization, I created several groups on Windows Domain (2 at
least, one for readers and one for writers).
I wrote a script that get the list of users of those groups and modify the
.svnaccess file.
I put the script in the cron to update the file every hour.

Regards,
Laurent

>From: Frank Gruman <fgatwork@verizon.net>
>To: Brad <svn@molandernet.com>
>CC: users@subversion.tigris.org, "Hughes, Trystan"
><Trystan.Hughes@assetco.com>
>Subject: Re: Authentication With Samba
>Date: Mon, 13 Jun 2005 12:42:00 -0400
>
>I'd have to say that yes, it is very possible, and it was relatively easy,
>but my authentication times are very slow (10-20 seconds). I've run
>ethereal scans, and it seems that there are Kerberos issues floating back
>and forth on the first and secod handshakes. But then they work out.
>Strange, but it happened...
>
>Anyway - that was when I did Apache+Samba + Winbind. Have now got Apache +
>LDAP running, and that rocks!
>
>So - make sure you get EVERYTHING right before you move into production. I
>had a couple of very unhappy developers (read -> whiney) who didn't like to
>wait that long for authentication. They started to revolt and claim they'd
>rather work on VSS.
>
>Regards,
>Frank
>
>Brad wrote:
>!
>>Tryst,
>> Yes and its far easier than it sounds. The only issue I have is that
>>users have to enter in the fully qualified domain user name such as
>>"DOMAIN\USER". That depends on your domain scoping though. But it works
>>fine other than that. I have the authentication hooked up through PAM.
>>Apache can authenticate with PAM through mod_auth_pam.
>>
>>Get your system authenticating first:
>>http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
>>
>>And then use mod_auth_pam to get apache authenticating. Basically, just
>>don't specify a password file.
>>
>>
>>Brad
>>
>>
>>On Mon, 2005-06-13 at 14:38 +0100, Hughes, Trystan wrote:
>>
>>>Hi all,
>>>
>>>I am about to roll out Subversion across my company and have just
>>>realised that the company users use SAMBA (http://us1.samba.org/samba/)
>>>for its login/authentication process.
>>>
>>>This isn;t exactly Windows domain authentication, so was wondering if I
>>>would be able to let Subversion use Apache to pickup the users SAMBA
>>>login credentials so that they can automatically login (like Windows
>>>Domain Authentication works).
>>>
>>>Is this at all possible?
>>>
>>>Thanks
>>>
>>>Tryst
>>>
>>>The views expressed in this e-mail are not necessarily the views of
>>>AssetCo Group Limited,
>>>its directors, officers or employees make no representation or accept any
>>>liability for its accuracy or completeness unless expressly stated to the
>>>contrary.
>>>This e-mail, and any attachments are strictly confidential and intended
>>>for the addressee(s) only.
>>>The content may also contain legal, professional or other privileged
>>>information. Unless expressly
>>>stated to the contrary, no contracts may be concluded on behalf of
>>>AssetCo Group Limited by means of
>>>e-mail communication. You may report the matter by calling us on +44
>>>(0)118 906 8000.
>>>Please ensure you have adequate virus protection before you open or
>>>detach any documents from this
>>>transmission. AssetCo Group Limited does not accept any liability for
>>>viruses. AssetCo Group Limited
>>>is registered in England: Company number: 4450947
>>>Registered Office: Davidson House, Forbury Square, Reading, Berkshire RG1
>>>3GA
>>>
>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jun 13 21:36:48 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.