Re: Windows svn/tortoise clients with an Apache 2.0.54/AuthenNTLM/svn 1.2.1/Linux server

From: Samay <getafix123_at_hotmail.com>
Date: 2005-08-09 02:39:25 CEST

----- Original Message -----
From: "Branko Čibej" <brane@xbc.nu>
To: "Samay" <getafix123@hotmail.com>
Cc: "GOVAERTS Lieven" <Lieven.GOVAERTS@post.be>;
<users@subversion.tigris.org>
Sent: Tuesday, August 09, 2005 10:32 AM
Subject: Re: Windows svn/tortoise clients with an Apache
2.0.54/AuthenNTLM/svn 1.2.1/Linux server

> Samay wrote:
>
>>
>> ----- Original Message ----- From: "GOVAERTS Lieven"
>> <Lieven.GOVAERTS@post.be>
>> To: <users@subversion.tigris.org>
>> Sent: Tuesday, August 09, 2005 1:42 AM
>> Subject: RE: RE: Windows svn/tortoise clients with an Apache
>> 2.0.54/AuthenNTLM/svn 1.2.1/Linux server
>>
>>
>>> Hi,
>>>
>>>
>>> For your information, we're using mod_ldap with Apache on a Suse 9.1
>>> server in a Windows domain and Active Directory authentication without
>>> problems.
>>> We had a problem with the openldap code crashing on invalid passwords,
>>> but that was solved by upgrading to the latest version of openldap (
>>> 2.2.27 ).
>>>
>>> This seems to be a nice and stable solution. Currently we have some 30
>>> users
>>> on Subversion, but our end goal is some 250, and I don't expect problems
>>> with the LDAP / AD part.
>>>
>>> Lieven.
>>>
>>>
>>
>> IMO, Mod_auth_kerb is a better option for authentication, as it's
>> lightweight and provides single-sign-on :) okay, specific to SVN clients,
>> when neon 0.25.x is part of it, but at least the foundation is right there.
>> We are using it for about 100+ users and it works like a charm.
>
> Yes, I only wish there was a way to tell mod_auth_kerb to drop the realm
> name from the generated basic-auth user name... currently you get
> "fred@REALM" into your svn:author instead of just "fred."
>
> -- Brane
>
>

Actually, REALM is important if
a) one is authenticating against multiple AD domains. One needs to know
user@REALM1 is different from user@REALM2.
b) specific to AD, user@REALM is the real user ID on AD, hence makes it easy
to implement access control on Apache, etc.
c) if AD is configured properly, then user@REALM also is the email address.

..SJ

Received on Tue Aug 9 02:41:09 2005

This is an archived mail posted to the Subversion Users mailing list.