[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn/spnego

From: Emily Stumpf <emily_at_ucdavis.edu>
Date: 2006-02-21 19:54:09 CET

Hum. Now, I've got it working on linux just fine, and almost on OS X,
but windows is still not working. It might be how I'm trying to enable
SPNEGO in Firefox?
Per this site:
http://open.itworld.com/5037/book_050425firefoxhacks/page_1.html

.. Down in the middle of of Hack #14

By going to about:config I set both of these to my svn server
("myserver.ucdavis.edu"):

|network.negotiate-auth.trusted-uris /* defaults to empty string */
network.negotiate-auth.delegation-uris /* defaults to empty string */|

Does that sound about right? I would Love to be directed to directions
for Internet Explorer/Firefox, if this does not sound right.

Thanks for any info!

Christopher Mason wrote:

>
> --On Wednesday, February 15, 2006 1:03 PM -0800 Emily Stumpf
> <emily@ucdavis.edu> wrote:
>
>> Did you ever post details on [authenticating subversion with spnego
>> on windows]? :)
>
>
> Emily-
>
> No, but now that subversion 1.3 is out this should be a bunch easier.
> Before you had to build a version of subversion that used neon 0.25,
> but subversion 1.3 uses this by default. I just downloaded and tried
> it and it seems to work.
>
> You'll need:
>
> apache (I have version 2.0.53)
> mod_auth_kerb (I have 5.0rc6)
> subversion >=1.3 (must be compiled against neon >= 0.25, but the
> win32 builds on subversion.tigris.org are)
>
> I use the following in my httpd.conf:
>
> <Location /testsrc>
> DAV svn
> SVNPath /var/testsrc
> AuthType Kerberos
> KrbAuthRealms MFAD.MFROOT.ORG
> Krb5Keytab /etc/httpd/conf/httpd.keytab
> KrbMethodNegotiate On
> KrbMethodK5Passwd on
> KrbSaveCredentials On
> AuthName "Authorization Realm"
> Require valid-user
> </Location>
>
> You'll need to create a keytab file with a service principal for HTTP
> (not http). If you can get, eg, firefox[1] to access a URL configured
> like /testsrc above, then you should be set. Google for mod_auth_kerb
> and this should get you started.
>
> One caveat: you must use the fully qualified domain name for this to
> work. The reasons for this are arcane (SPN canonicalization) and not
> worth explaining.
>
> Hope this helps,
>
> -c
>
>
> [1] Make sure you enable spnego in firefox.
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Feb 22 16:10:54 2006

This is an archived mail posted to the Subversion Users mailing list.