[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion authenticating to different domains

From: Augusto Alvarez <augusto.alvarez82_at_gmail.com>
Date: Thu, 22 May 2008 14:31:46 -0300

The only module that I was using was authzn_ldap... adding authn_alias
module as Kevin recommended I could actually achieve that my subversion
authenticate users from two different domains.

Thanks!

Augusto

2008/5/22 <Nick.Thompson_at_infineon.com>:

> ________________________________________
> From: Augusto Alvarez
> Sent: Tuesday, May 20, 2008 10:38 PM
>
> Hello everyone,
>
> I'm doing some research about subversion deployment with apache2 and
> Windows Active Directory. I had succesfully deployed a subversion installed
> on openSUSE 10.3 x86, apache2 2.2.4-70 and authenticating with single
> Windows Active Directory... everything works great there.
>
> But I haven't found yet the way to accomplish for the SVN server manage
> authentication from two domains: I have two different domains (domainA.com
> and domainB.com) and I want to achieve that my subversion could authenticate
> any user from domainA.com and domainB.com... Basically I don't want to
> create users on domainA.com that actually belongs to domainB.com, just for
> allowing them to work on the same repositories.
>
> Is that in anyway possible???
> ________________________________________
>
> You didn't say what auth module you where using. We use mod_auth_kerb (and
> Kerberos of course) to authenticate against active directory. Kerberos
> allows you to define AD servers for multiple domains/realms and
> mod_auth_kerb can be configured to try authentication against each of those
> realms in turn. I use this to authenticate users across three windows
> domains:
>
> From /etc/krb5.conf:
>
> [realms]
> DOMAINA.COM <http://domaina.com/> = {
> kdc = domaina.example.com:88
> admin_server = domaina.example.com:749
> default_domain = example.com
> }
> DOMAINB.COM <http://domainb.com/> = {
> kdc = domainb.example.com:88
> admin_server = domainb.example.com:749
> default_domain = example.com
> }
>
> From ssl.conf:
>
> AuthType Kerberos
> AuthName "Windows User Login"
> KrbAuthRealms DOMAINA.COM <http://domaina.com/> DOMAINB.COM<http://domainb.com/>
> KrbMethodK5Passwd on
> KrbMethodK4Passwd off
> KrbVerifyKDC off
> KrbMethodNegotiate off
> KrbAppendRealm off
> Require valid-user
>
> Doesn't help you if you're not using Kerberos though :-(
>
Received on 2008-05-22 20:20:05 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.