[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: linux subversion client with Kerberos

From: Steve Zeng <SteveZ_at_airg.com>
Date: Wed, 23 Jul 2008 09:50:49 -0700

Shirish,

 

Thanks for the steps. I got errors when I run "svn ls" or "svn
checkout". It seems to me svn client does not know how to handle
Kerberos communication. Below are the details:

 

> a) linux svn install for client

Yum install subversion (on centos 5.1 i386 32bit)

      Installed: subversion.i386 0:1.4.2-2.el5

      Dependency Installed: neon.i386 0:0.25.5-5.1

 

> b) kinit userPrincipalName_at_DOMAIN.FQDN (Domain.fqdn must be all caps),

> it will ask ur password, please enter ur AD password. User principal

> name is typically ur user ID that u use to log on to the domain.

> c) if errors for time skew, sync ur linux client's clock.

> d) if errors due KDC, edit ur /etc/krb5.conf

> e) if no errors, do command, klist, it should show a krb5 ticket from
ur

> Active Directory DC

-bash-3.1$ klist

Ticket cache: FILE:/tmp/krb5cc_1054_Ls3mwz

Default principal: stevez_at_EXAMPLE.COM

Valid starting Expires Service principal

07/23/08 16:42:17 07/24/08 02:42:16 krbtgt/EXAMPLE.COM_at_EXAMPLE.COM

        renew until 07/24/08 02:42:17

 

> f) svn ls https://URL/path/to/repo

 

svn ls https://officeg3.example.com/svn/repos/

svn: PROPFIND request failed on '/svn/repos'

svn: PROPFIND of '/svn/repos': 401 Authorization Required
(https://officeg3.example.com)

 

> g) u will need to renew ur ticket using "kinit -R", u can execute this

> via crontab.

>

> Above is also required if you wish to achieve single sign on with say

> Firefox etc on Linux.

>

> should work fine. If issues, provide details.

>

> cheers

>

> Shirish

>

> Steve Zeng wrote:

> >

> > Hello forks,

> >

> > Basically I am looking for a linux subversion client which can do

> > Kerberos authentication with Windows Active Directory. I've search
the

> > mail list archive and could not find one. Any help would be highly

> > appreciated.

> >

> > My SVN server is configured as Apache/Kerberos authentication.

> > Currently I've successfully got Windows SVN client working.

> >

> > <Location /svn>

> >

> > DAV svn

> >

> > SVNParentPath /var/www/svn/

> >

> > AuthzSVNAccessFile /var/www/svn/repos/conf/authz

> >

> > SSLRequireSSL

> >

> > AuthType Kerberos

> >

> > AuthName "Kerberos Login"

> >

> > KrbMethodNegotiate On

> >

> > KrbMethodK5Passwd Off

> >

> > KrbAuthRealms EXAMPLE.COM

> >

> > require valid-user

> >

> > </Location>

> >

> > Below is version of my SVN server and windows client.

> >

> > 1) subversion server

> >

> > centos 5.1 i386

> >

> > subversion-1.4.2

> >

> > httpd-2.2.3-11

> >

> > mod_auth_kerb-5.1

> >

> > 2) Windows Client (working)

> >

> > Windows XP SP3

> >

> > TortoiseSVN 1.4.0, Build 7501 - 32 Bit , 2006/09/15 21:34:55

> >

> > Subversion 1.4.0,

> >

> > apr 0.9.12

> >

> > apr-iconv 0.9.7

> >

> > apr-utils 0.9.12

> >

> > berkeley db 4.4.20

> >

> > neon 0.25.5

> >

> > OpenSSL 0.9.8b 04 May 2006

> >

> > Best Regards,

> >

> > ---------------------

> >

> > Steve Zeng

> >

 
Received on 2008-07-24 08:33:29 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.