On Fri, Mar 09, 2007 at 02:16:51PM -0700, Wesley J. Landaker wrote:
> On Friday 09 March 2007 12:53, Michael Richters wrote:
> > When using apache with mod_auth_kerb, $REMOTE_USER contains the whole
> > kerberos principal name, including "@REALM". This makes it difficult
> > to maintain a repository that uses both mod_auth_kerb and some other
> > method of access. Is there any way to configure subversion so that
> > the realm is stripped from the username?
>
> I ran across this problem in one installation and ended up concluding that
> to get it to work I'd have to either hack the mod_auth_kerb source, which
> would be easy but a pain to track on upgrades, etc, or use principal@REALM
> for usernames in SVN, which would be unacceptable.
>
> So instead, I just used mod_auth_pam at let the Linux PAM system handle the
> kerberos authentication transparently instead.
Does mod_auth_pam do SPNEGO authentication, allowing the users to use
their kerberos tickets to authenticate without the use of passwords?
--Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Mar 10 00:05:17 2007