[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Subversion authenticating to different domains

From: <Nick.Thompson_at_infineon.com>
Date: Thu, 22 May 2008 14:17:40 +0200

From: Augusto Alvarez
Sent: Tuesday, May 20, 2008 10:38 PM

 Hello everyone,

 I'm doing some research about subversion deployment with apache2 and Windows Active Directory. I had succesfully deployed a subversion installed on openSUSE 10.3 x86, apache2 2.2.4-70 and authenticating with single Windows Active Directory... everything works great there.

 But I haven't found yet the way to accomplish for the SVN server manage authentication from two domains: I have two different domains (domainA.com and domainB.com) and I want to achieve that my subversion could authenticate any user from domainA.com and domainB.com... Basically I don't want to create users on domainA.com that actually belongs to domainB.com, just for allowing them to work on the same repositories.

 Is that in anyway possible???

You didn't say what auth module you where using. We use mod_auth_kerb (and Kerberos of course) to authenticate against active directory. Kerberos allows you to define AD servers for multiple domains/realms and mod_auth_kerb can be configured to try authentication against each of those realms in turn. I use this to authenticate users across three windows domains:

From /etc/krb5.conf:

  kdc = domaina.example.com:88
  admin_server = domaina.example.com:749
  default_domain = example.com
  kdc = domainb.example.com:88
  admin_server = domainb.example.com:749
  default_domain = example.com

From ssl.conf:

    AuthType Kerberos
    AuthName "Windows User Login"
    KrbMethodK5Passwd on
    KrbMethodK4Passwd off
    KrbVerifyKDC off
    KrbMethodNegotiate off
    KrbAppendRealm off
    Require valid-user

Doesn't help you if you're not using Kerberos though :-(

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-05-22 14:18:07 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.