[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: AD authentication for SVN

From: Craig McQueen <Craig_McQueen_at_aapl.com.au>
Date: Fri, 1 Aug 2008 14:15:42 +1000

I tried that. Note that on my Linux PC, PAM is set up to automatically
create the Kerberos ticket when a user logs in.

In Firefox on the Linux PC, it asks for username and password, and then
I can browse the repository. No single-sign-on. It appears that Firefox
is using the username and password to complete the NTLM protocol (I say
this because if I press Esc then it pops up _another_ dialog again
asking for username and password, but this time prompting with the Basic
authentication string; this is the Basic authentication fall-back). What
Firefox is _not_ doing is knowing where to get cached NTLM data for
single-sign-on.

Craig

> -----Original Message-----
> From: Shirish Jain [mailto:lists_at_getafix.net]
> Sent: Friday, 1 August 2008 1:13 PM
> To: Craig McQueen
> Subject: Re: AD authentication for SVN
>
> G'day,
>
> On Linux clients, does it work for Firefox to browse ur SVN repo using
> a) kinit userid_at_REALM (dependent on correct krb5.conf and time-sync)
> b) firefox about:config netwok.negotiate-auth.trusted-uris
> https://.doman/for/SVN/server
> c) go to the SVN URL
>
> if it works, you may be able to use Linux SVN client with
> your mod_sspi
> enabled server. Mod_auth_kerb, AFAIK, is not supported on Windows.
>
> cheers
>
> SJ
>
> Craig McQueen wrote:
> > Is it possible to get mod_auth_kerb working on a _Windows_ Apache
> > server?
> >
> > We've got our Windows 2003 + Apache 2.2.9 + SVN 1.2.3 (soon
> to be 1.5)
> > server doing single-sign-on using SSPI. It works nicely for Windows
> > clients but our Linux clients can't do SSPI single-sign-on.
> The Linux
> > clients are integrated with AD authentication (winbind,
> Samba, etc), and
> > should be able to use Kerberos tickets for single-sign-on.
> >
> > Regards,
> > Craig McQueen
> >
> >
> >
> >> -----Original Message-----
> >> From: Shirish Jain [mailto:lists_at_getafix.net]
> >> Sent: Friday, 1 August 2008 11:05 AM
> >> To: sanjeev.kumarroy_at_wipro.com; users_at_subversion.tigris.org
> >> Subject: Re: AD authentication for SVN
> >>
> >> yes & yes. For server side follow instructions at
> >> http://www.grolmsnet.de/kerbtut/ this provides either
> Single-Sign-On
> >> and/or k5passwd.
> >>
> >> ..SJ
> >>
> >> sanjeev.kumarroy_at_wipro.com wrote:
> >>
> >>> Hi Shirish,
> >>> I have my SVN setup on the redhat machine with APACHE support.
> >>> I need to use the AD of a windows machine to authenticate the SVN.
> >>> I am not sure if it works. Please let me know if you have
> >>>
> >> set this up.
> >>
> >>> Thanks,
> >>> Sanjeev
> >>>
> >>> -----Original Message-----
> >>> From: Shirish Jain [mailto:lists_at_getafix.net]
> >>> Sent: Wednesday, July 30, 2008 6:50 PM
> >>> To: Sanjeev KumarRoy (WT01 - Software Products IPG);
> >>> users_at_subversion.tigris.org
> >>> Subject: Re: AD authentication for SVN
> >>>
> >>> see http://www.grolmsnet.de/kerbtut/ for details on setting up
> >>> Apache/Linux auth against AD.
> >>>
> >>> sanjeev.kumarroy_at_wipro.com wrote:
> >>>
> >>>
> >>>> Hi Matthias,
> >>>> I have the SVN setup in a linux machine and I need to get the
> >>>> authentication done from a Windows AD. I am not sure if VisualSVN
> >>>>
> >>>>
> >>> works
> >>>
> >>>
> >>>> in Linux. Does it?
> >>>>
> >>>> Regards,
> >>>> Sanjeev
> >>>>
> >>>> -----Original Message-----
> >>>> From: Matthias Fechner [mailto:idefix_at_fechner.net]
> >>>> Sent: Wednesday, July 16, 2008 5:32 PM
> >>>> To: Sanjeev KumarRoy (WT01 - Software Products)
> >>>> Cc: users_at_subversion.tigris.org
> >>>> Subject: Re: AD authentication for SVN
> >>>>
> >>>> Hi,
> >>>>
> >>>> sanjeev.kumarroy_at_wipro.com wrote:
> >>>>
> >>>>
> >>>>
> >>>>> Can someone please guide me as to how I can set up the
> >>>>>
> >> subversion for
> >>
> >>>>>
> >>>>>
> >>>>>
> >>>> AD
> >>>>
> >>>>
> >>>>
> >>>>> authentication?
> >>>>>
> >>>>>
> >>>>>
> >>>> I used the following package:
> >>>> http://www.visualsvn.com/server/
> >>>>
> >>>> I easily installed and selected authorization against AD and
> >>>>
> >>>>
> >>> everything
> >>>
> >>>
> >>>> was running fine (done in 5 minutes).
> >>>>
> >>>> Best regards,
> >>>> Matthias
> >>>>
> >>>>
> >>>>
> >>>>
> >>> Please do not print this email unless it is absolutely necessary.
> >>>
> >>> The information contained in this electronic message and
> >>>
> >> any attachments to this message are intended for the
> >> exclusive use of the addressee(s) and may contain
> >> proprietary, confidential or privileged information. If you
> >> are not the intended recipient, you should not disseminate,
> >> distribute or copy this e-mail. Please notify the sender
> >> immediately and destroy all copies of this message and any
> >> attachments.
> >>
> >>> WARNING: Computer viruses can be transmitted via email. The
> >>>
> >> recipient should check this email and any attachments for the
> >> presence of viruses. The company accepts no liability for any
> >> damage caused by any virus transmitted by this email.
> >>
> >>> www.wipro.com
> >>>
> >>>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> >> For additional commands, e-mail: users-help_at_subversion.tigris.org
> >>
> >>
> >>
> >>
> > - The contents of this email, and any attachments, are
> strictly private and confidential.
> > - It may contain legally privileged or sensitive
> information and is intended solely for the individual or
> entity to which it is addressed.
> > - Only the intended recipient may review, reproduce,
> retransmit, disclose, disseminate or otherwise use or take
> action in reliance upon the information contained in this
> email and any attachments, with the permission of Australian
> Arrow Pty. Ltd.
> > - If you have received this communication in error, please
> reply to the sender immediately and promptly delete the email
> and attachments, together with any copies, from all computers.
> > - It is your responsibility to scan this communication and
> any attached files for computer viruses and other defects and
> we recommend that it be subjected to your virus checking
> procedures prior to use.
> > - Australian Arrow Pty. Ltd. does not accept liability for
> any loss or damage of any nature, howsoever caused, which may
> result directly or indirectly from this communication or any
> attached files.
> > - Please think before printing this email. Environmental
> Balance is Everyone's Job.
> >
>
>
>
- The contents of this email, and any attachments, are strictly private and confidential.
- It may contain legally privileged or sensitive information and is intended solely for the individual or entity to which it is addressed.
- Only the intended recipient may review, reproduce, retransmit, disclose, disseminate or otherwise use or take action in reliance upon the information contained in this email and any attachments, with the permission of Australian Arrow Pty. Ltd.
- If you have received this communication in error, please reply to the sender immediately and promptly delete the email and attachments, together with any copies, from all computers.
- It is your responsibility to scan this communication and any attached files for computer viruses and other defects and we recommend that it be subjected to your virus checking procedures prior to use.
- Australian Arrow Pty. Ltd. does not accept liability for any loss or damage of any nature, howsoever caused, which may result directly or indirectly from this communication or any attached files.
- Please think before printing this email. Environmental Balance is Everyone's Job.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-01 06:16:07 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.