[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index


From: Christopher Mason <Mason.Christopher_at_mayo.edu>
Date: 2006-02-15 22:50:19 CET

--On Wednesday, February 15, 2006 1:03 PM -0800 Emily Stumpf
<emily@ucdavis.edu> wrote:

> Did you ever post details on [authenticating subversion with spnego
> on windows]? :)


No, but now that subversion 1.3 is out this should be a bunch easier.
Before you had to build a version of subversion that used neon 0.25,
but subversion 1.3 uses this by default. I just downloaded and tried
it and it seems to work.

You'll need:

apache (I have version 2.0.53)
mod_auth_kerb (I have 5.0rc6)
subversion >=1.3 (must be compiled against neon >= 0.25, but the
win32 builds on subversion.tigris.org are)

I use the following in my httpd.conf:

<Location /testsrc>
   DAV svn
   SVNPath /var/testsrc
   AuthType Kerberos
   KrbAuthRealms MFAD.MFROOT.ORG
   Krb5Keytab /etc/httpd/conf/httpd.keytab
   KrbMethodNegotiate On
   KrbMethodK5Passwd on
   KrbSaveCredentials On
   AuthName "Authorization Realm"
   Require valid-user

You'll need to create a keytab file with a service principal for HTTP
(not http). If you can get, eg, firefox[1] to access a URL
configured like /testsrc above, then you should be set. Google for
mod_auth_kerb and this should get you started.

One caveat: you must use the fully qualified domain name for this to
work. The reasons for this are arcane (SPN canonicalization) and not
worth explaining.

Hope this helps,


[1] Make sure you enable spnego in firefox.

[ Christopher Mason  MPRC Bioinformatics  http://proteomics ]
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Feb 15 23:07:47 2006

This is an archived mail posted to the Subversion Users mailing list.