Put the kerberos configuration directives (AuthType, AuthName,
Krb5AuthRealms, etc) inside the <Location> ... </Location> block.
We have 1 serious problem with Kerberos authentication - when using
mod_auth_krb, we found that it performed 4 or more DNS lookups for
kerberos principals for each access check, and when using
AuthZSVNAccessFile access control to the repository, it re-authenticated
FOR EACH FILE as it check the access control. We improved things
slightly by configuring krb5.conf with IP numbers instead of names, so
that only 1 DNS lookup is performed per file, but there still seems to
be a lot of authentication traffic to our kerberos server. It seems that
mod_auth_krb is not caching the authentication, but checking for each file!
The end result on performance is quite large - svn log "http path to
project" took ~60 seconds on a LAN, svn log "svn+ssh path to project"
took ~ 3 seconds.
Tony Butt
CEA Technologies
Anders Lennartsson wrote:
> I have modauthkerb working nicely with a kerberos 5 realm and a config like this
>
> <Directory>
> AuthType Kerberos
> AuthName ...
> ...
> </Directory>
>
> How do I configure modauthkerb to be used for svn repositories, which
> are specified with a <Location> directive like
> <Location /svn>
> DAV svn
> SVNParentPath /var/lib/svn
> ...
> </Location>
>
> With svn 1.2.3 on Debian/Sarge I only aim for basic authentication
> over ssl/tls at this stage.
>
> Anders
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Nov 27 23:28:43 2005