RE: linux subversion client with Kerberos

From: <Nick.Thompson_at_infineon.com>
Date: Wed, 23 Jul 2008 14:16:46 +0200

Steve,

Yes, they do need their password the first time they connect, but as you say it is cached (with the username) for future use. This cache file is set as read/write to user only, so only root (and possibly sudo's) can read the contents.

As far as I know, SVN client on Unix/Linux only supports basic auth with http/https, so I don't see any other option at this time.

Nick.

________________________________
From: Steve Zeng [mailto:SteveZ_at_airg.com]
Sent: Tuesday, July 22, 2008 5:25 PM
To: Thompson Nick (IFGB COM PS CE PLSA CA); users_at_subversion.tigris.org
Subject: RE: linux subversion client with Kerberos

Nick,

Thanks. Do people need to enter password to establish SVN connection in your case? Plus, SVN will cache the passwords. It is a security concern.

Steve

________________________________
From: Nick.Thompson_at_infineon.com [mailto:Nick.Thompson_at_infineon.com]
Sent: July 22, 2008 4:57 AM
To: Steve Zeng; users_at_subversion.tigris.org
Subject: RE: linux subversion client with Kerberos

Steve

You *might* have better luck with KrbMethodNegotiate Off and possibly KrbMethodK5Passwd on. You might not, but it works for me :-)

Nick,

________________________________
From: Steve Zeng [mailto:SteveZ_at_airg.com]
Sent: Monday, July 21, 2008 10:09 PM
To: users_at_subversion.tigris.org
Subject: linux subversion client with Kerberos

Hello forks,

Basically I am looking for a linux subversion client which can do Kerberos authentication with Windows Active Directory. I've search the mail list archive and could not find one. Any help would be highly appreciated.

My SVN server is configured as Apache/Kerberos authentication. Currently I've successfully got Windows SVN client working.

<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn/
   AuthzSVNAccessFile /var/www/svn/repos/conf/authz
   SSLRequireSSL

          AuthType Kerberos
          AuthName "Kerberos Login"
          KrbMethodNegotiate On
          KrbMethodK5Passwd Off
          KrbAuthRealms EXAMPLE.COM
          require valid-user
</Location>

Below is version of my SVN server and windows client.
1) subversion server
centos 5.1 i386
subversion-1.4.2
httpd-2.2.3-11
mod_auth_kerb-5.1

2) Windows Client (working)
Windows XP SP3
TortoiseSVN 1.4.0, Build 7501 - 32 Bit , 2006/09/15 21:34:55
Subversion 1.4.0,
apr 0.9.12
apr-iconv 0.9.7
apr-utils 0.9.12
berkeley db 4.4.20
neon 0.25.5
OpenSSL 0.9.8b 04 May 2006

Best Regards,
---------------------
Steve Zeng
Received on 2008-07-23 14:17:23 CEST

This message: [ Message body ]
Next message: Michael Reinelt: "svn 1.5 merge tracking svn:mergeinfo and svn diff --summarize"
Previous message: Sethuraman, Nirmala (NSN - IN/Bangalore): "Upgrading from subversion 1.4.3 to 1.5"
In reply to: Steve Zeng: "RE: linux subversion client with Kerberos"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]