Re: Client authentication with Kerberos ticket

From: D.J. Heap <djheap_at_gmail.com>
Date: 2006-12-20 17:15:37 CET

On 12/20/06, Yves Martin <yves.martin@elca.ch> wrote:
[snip]
> The answer is yes (if SSL) but no (if not SSL) !
>
> Reading the code neon/src/ne_auth.c (around line 1050),
> the SSPI/Negotiate or SSPI/NTLM or Digest
> or Basic methods are tried whatever the http/https mode.
>
> BUT the GSSAPI/Negotiate is only tried with SSL ?
> Why ? Is GSSAPI over http less secure than Basic over http ?
>

I'm not an auth expert, but my understanding is that they are not
really secure over http. Why BASIC is allowed and the others are not
is because (I think) everyone knows that BASIC isn't secure, but the
others imply safety where there really isn't any.

In any case, the next major release of Subversion will include a
config option to turn them on over http if you really want to.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 20 17:59:28 2006

This message: [ Message body ]
Next message: Ramanathan Muthaiah: "Re: specifying SVNPath as a network share in httpd.conf file"
Previous message: Méresse Christophe: "RE: Merging branch into trunk"
In reply to: Yves Martin: "Re: Client authentication with Kerberos ticket"
Next in thread: Steinar Bang: "Re: Client authentication with Kerberos ticket"
Reply: Steinar Bang: "Re: Client authentication with Kerberos ticket"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]