RE: svnserve authenticating against Windows domain credentials

From: Scott Palmer <Scott_at_digital-rapids.com>
Date: Fri, 2 May 2008 10:22:17 -0400

Like I said, the docs suck. I can't make heads or tails of
windows.html. Too me it looks like at least GSSAPI is supported and I
thought that was the key to working with LDAP/Kerberos.

NTLM I thought was the same stuff that was used to authenticate with
Windows domains for file sharing on Mac/Linux boxes via Samba.
Apparently there is more too it.

The only thing I'm learning here is that this has been made deliberately
obtuse by people that want job security :-)

It's amazing that I can use (nearly) any browser on any platform to
securely access my bank records, but if I want to authenticate against a
domain login on Windows.. suddenly that's hard. :-)

I guess it's time to give up, or perhaps install a Linux server for our
source control. (You say it's relatively easy... but I still bet I
have to pull out a text editor and twiddle configuration files - the
unix community doesn't understand the concept of user-friendly software)

Thanks for your help.

Scott

-----Original Message-----
From: Mark Phippard [mailto:markphip_at_gmail.com]
Sent: May 2, 2008 10:10 AM
To: Scott Palmer
Cc: users_at_subversion.tigris.org
Subject: Re: svnserve authenticating against Windows domain credentials

On Fri, May 2, 2008 at 10:04 AM, Scott Palmer <Scott_at_digital-rapids.com>
wrote:
> Where do the docs state that LDAP and Kerberos aren't supported on
> Windows?

http://www.sendmail.org/~ca/email/cyrus2/windows.html

> The docs for SASL are such a complete mess that I admit I
> could hardly follow anything in them.
> Regardless.. if I have to resport to NTLM it should do the trick..
> otherwise why include it at all?

NTLM is not what you think it is. It has nothing to do with
authenticating against your Windows usernames. NTLM is an
authentication mechanism, like CRAM-MD5. In other words, it is a
specific way of doing a challenge/response.

http://en.wikipedia.org/wiki/NTLM

NTLM support in SASL is also not recommended (because DIGEST-MD5 is
better). Anyway, the point is that NTLM does not address the need to
authenticate using your Windows usernames.

The ironic thing here, is that a Linux server can be relatively easily
configured to use LDAP against your Active Directory.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-05-02 16:22:41 CEST

This message: [ Message body ]
Next message: Paul Koning: "Re: Efficient way to get the previous revision number"
Previous message: Mark Phippard: "Re: svnserve authenticating against Windows domain credentials"
In reply to: Mark Phippard: "Re: svnserve authenticating against Windows domain credentials"
Next in thread: Mark Phippard: "Re: svnserve authenticating against Windows domain credentials"
Reply: Mark Phippard: "Re: svnserve authenticating against Windows domain credentials"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]