Re: svnserve authenticating against Windows domain credentials

On Fri, May 2, 2008 at 10:22 AM, Scott Palmer <Scott_at_digital-rapids.com> wrote:
> Like I said, the docs suck. I can't make heads or tails of
> windows.html. Too me it looks like at least GSSAPI is supported and I
> thought that was the key to working with LDAP/Kerberos.

It says GSSAPI has been tested using CyberSafe, which is a commercial
product. So no one is going to be able to create and distribute
binaries that use it.

> NTLM I thought was the same stuff that was used to authenticate with
> Windows domains for file sharing on Mac/Linux boxes via Samba.
> Apparently there is more too it.

NTLM, Kerberos, CRAM-MD5, DIGEST-MD5 are all ways for clients and
server to negotiate authentication credentials with each other. They
do not directly speak to what that back end "store" is which the
server is using the validate the credentials.

Windows clients used to only support NTLM as the way they
authenticated with file shares, which is why things like Samba needed
to support it.

I'd suspect the LDAP back-end could be made to work with Windows, but
as you say the docs suck so it will take someone that wants to spend
the time to understand the code and port it all to build and work on
Windows.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org