RE: What is the Better Authentication mode: SSPI or LDAP?
From: nikhil gupta <ng_g20_at_hotmail.com>
Date: 2007-06-18 10:08:32 CEST
> Date: Wed, 13 Jun 2007 20:01:28 +1000> From: lists_at_getafix.net> To: ng_g20_at_hotmail.com> CC: users_at_subversion.tigris.org> Subject: Re: What is the Better Authentication mode: SSPI or LDAP?> > nikhil gupta said the following on 6/13/2007 7:28 PM:> > Hi There,> > > > I'm evaluating which authentication mode to use while setting up SVN > > using Apache. We need to make a cut between SSPI & LDAP. I was > > searching the net for various differences between the two but was not > > able to get much detail.> > > > Could anyone from the group throw some light upon which one is better > > & why?> > What are the various security aspects of the two modes?> if using non-SSPI authentication & SVN win32 command line, user > credentials and password are stored in clear text on the local user > profile. There goes the security. In case of SSPI, u dont have to worry > about these. End user perspective, every time user changes the password, > if do not change the stored password in SVN profile, chances are > accounts will get locked out! Signle-sign-on is true reality with SSPI. > Downside of SSPI only server authentication setup, user cannot generally > use the "--username --password" options on WIN32 command line. Which IMO > is a better security as no more spoofing identity!> > There are stability issues of SVN client side SSPI authentication, due > to inherent weaknesses of Neon library(http://www.webdav.org/neon), > which means, you may need to grab patches from Neon Trunk, and > compile/distribute your own SVN clients. (search the mailing list > archives for SSPI/GSSAPI authentication issues)> Hope this helps.> > ..Shirish
This is an archived mail posted to the Subversion Users mailing list.