[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: NT Domain authentication with Subversion

From: Nick Thompson <nickthompson_at_agere.com>
Date: 2006-03-08 11:02:13 CET

On Tuesday 07 March 2006 21:06, Anderson, Allan wrote:
> Searching the archives, I've become confused about how best to
> allow Windows domain users to have Subversion access.
>
> I see on http://svnbook.red-bean.com/en/1.1/ch06.html that it says
> any form of Apache authentication will work: mod_dav_svn and I
> presume mod_ntlm and/or mod_sspi. I also see that a bug now marked
> fixed says these methods work as of 1.3RC3.
> http://subversion.tigris.org/issues/show_bug.cgi?id=1844
>
> Finally, there's this information on TortoiseSVN:
> http://tortoisesvn.sourceforge.net/docs/release/TortoiseSVN_en/ch03
>.html#tsv n-serversetup-apache-5
>
> This makes me think I'll be able to do this with SVN 1.3.x, after
> making sure I have Apache set up correctly.
>
> I'm curious: has anyone else done this recently? I see that it
> appears to work with the command line client and TortoiseSVN;
> should it also work with SmartSVN or other svn clients?
>
> I'm migrating from CVS on Solaris (with NIS authentication) to SVN
> or CVSNT on Solaris. Most developers here use Windows, but there
> are some Solaris and a few Linux users. My manager really, really
> wants to be able to use NT domain AD logins to allow access to
> source control for the Windows users. I'd like to make this work
> with SVN. I'd love some input from this list.
>
> Thanks, folks.

I just did something similar on a Linux server using stock 1.3.0
(though older versions should work). I used mod_auth_kerb to do
kerberos authentication is the DC. You need an up to date kerberos
install to work with a 2003 DC.

The thing about mod_auth_kerb is that is supports basic authentication
on the client side, which has been supported in svn for a long time.
The module also supports KDC ticket authentication, but I don't think
this works with current svn stock builds.

What this means then, is windows users still have to type in their
password and cache it if they don't want to supply it on every server
operation. This works fine. The issue is how securely does the svn
client store the password locally (not very, I believe).

Nick.

-- 
> Nick Thompson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Mar 8 11:03:33 2006

This is an archived mail posted to the Subversion Users mailing list.