On 2008-09-05 19:54, Purple Streak wrote:
> Has anyone managed this? I'm just using the windows binaries download from
> tigris (apache 2.2 ones as it happens). And from reading about SASL it
> should be possible to use this to authenticate users with a windows domain.
> However I've tried and I can't find any documentation on how, or rather any
> I can follow!
> It seems there would be 2 options, using NTLM or GSSAPI. However I can't
> find anything on getting the NTLM plugin to work, and the GSSAPI plugin
> doesn't seem to be with the binaries, and I can't seem to find it for
> download anywhere.
> So my 2 questions are has anyone managed to get either of these working
> (purely on a windows svnserve and client) and is there a reason the GSSAPI
> plugin isn't built with subversion (or is it just not built on windows?)
1. Yes. I have saslGSSAPI.dll built and working with svnserver
and MIT Kerberos, which allows a Windows domain user to
authenticate to a svnserve repository using GSSAPI. Getting "NTLM"
working isn't exactly an option, but you don't want to anyway, as
GSSAPI is better. Getting SSPI to do Negotiate/SPNEGO on https://
should work out of the box. Getting Cyrus SASL to link against
SSPI to do GSSAPI is probably a fair bit of work that I haven't
tried to undertake.
So, if you're willing to do https:// and use SSPI for windows
login, and you can set up mod_auth_kerb, you've got nice
single-sign-on for windows. With a bit of work, you can do GSSAPI
over svnserve (with MIT Kerberos) and get SSO for Windows domain
users as well. Doing GSSAPI with SSPI would require someone to
write some real code in Cyrus SASL. Maybe someone already has, but
I haven't noticed it.
2. It's... complicated. There's similar discussion on the Tortoise
list. To get saslGSSAPI.dll to build you need MIT Kerberos
installed, and you need to tweak Cyrus SASL to link against MIT
rather than cybersafe. It isn't terribly difficult, but it's not
Alec.Kloss_at_oracle.com Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956
Received on 2008-09-05 21:30:42 CEST
- application/pgp-signature attachment: stored