sanjeev.kumarroy_at_wipro.com wrote:
> Hi Matthias,
> I have the SVN setup in a linux machine and I need to get the
> authentication done from a Windows AD. I am not sure if VisualSVN works
> in Linux. Does it?
visualsvn won't work on a UNIX server.
In theory, there are two ways to get svn on a UNIX box authenticate against
AD. I say in theory, because I haven't managed to get either working yet:
1) svnserve
svnserve uses SASL, and can use any method SASL uses. In theory SASL can use
kerberos, but I have not managed to get it working against AD yet. There is
no point trying to get svnserve against AD until you get SASL itself
working. Check sasl-sample-server and sasl-sample-client. I really wish
svnserve were able to use pam instead of SASL !
2) apache + mod_auth_kerb
At least this is what I thought, but from my tests so far, svn (the client)
is not forwarding the kerberos ticket.
Note: Every time you try to use MIT kerberos against AD, generating keytabs
on the AD server is an issue. That is the advantage of apache +
mod_auth_kerb, it is mature, well documented (see
http://grolmsnet.de/kerbtut/) and relatively easy to setup, if and when
something does not work, you can pretty much assume there is a problem with
your keytabs -
It'd be good if we could get this working and documented properly, I do not
like the alternatives: subversion caches and exchange the password in clear,
and ssh add a huge cost due to encryption - not much for a few co/commit,
but it adds up quickly when say you use an automated software like
cruisecontrol.
--
Yves.
http://www.SollerS.ca
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-30 15:11:52 CEST