[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Kerberos Authentification + Authorization with groups

From: Crucius, Wesley <WCrucius_at_sandc.com>
Date: 2005-06-30 15:47:48 CEST

I don't know if this is significant or not, but my groups definitions
have a comma (and a space) between the individuals. I'm presently using
Apache htpasswd authentication, but I've used the SSPI stuff this way
too...

Your example, using the syntax I'm using would look like:
   www-editors = dtrosset@ACQIRIS.CH, other@ACQIRIS.CH

And doesn't this part:
   [svn-www:/]
   @www-editors

Need to actually specify some access mode? Something like:
   [svn-www:/]
   @www-editors = rw

Regarding what is the preferred authentication mechanism, I've seen
quite a few people indicate that they are using LDAP. I have tried,
unsuccessfully so far, but I don't think I have the right "connect"
string to make my AD server happy to answer...

Wes

-----Original Message-----
From: Didier Trosset [mailto:didier.trosset@acqiris.com]
Sent: Thursday, June 30, 2005 2:58 AM
To: users@subversion.tigris.org
Cc: John Szakmeister
Subject: Re: Kerberos Authentification + Authorization with groups

John Szakmeister wrote:
> On Wednesday 29 June 2005 12:26, Didier Trosset wrote:
>
>>Hi,
>>
>> ----- 8< -----
>>
> I've found that with kerberos authentication the @ACQIRIS.CH is
considered
> part of the username. Also, in the second version of your authz file,

> your missing the :/ (I can't remember if that really matters or not
> off hand, but I always put it there).
>

You're right. (The :/ were here.) It works now using:
   [svn-www:/]
   dtrosset@ACQIRIS.CH

But As soon as I try to create groups:
   [groups]
   www-editors = dtrosset@ACQIRIS.CH other@ACQIRIS.CH

   [svn-www:/]
   @www-editors

I got this 401 error again !

Do you know anything about this ?

And additionnal question, I guessed from all I have seen around the Web
that Kerberos is *the* solution for authenticating against a M$ Windows
Server 2003 (with Active Directory). Hope I'm guessing correctly?

Didier

> -John
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

--
Didier Trosset-Moreau
Acqiris <www.acqiris.com>
Geneva, Switzerland
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 30 17:22:17 2005

This is an archived mail posted to the Subversion Users mailing list.