
RE: NTLM lookup within hook script

From: <kmradke_at_rockwellcollins.com>
Date: Thu, 23 Oct 2008 10:36:23 -0500

"Gleason, Todd" <tgleason_at_impac.com> wrote on 10/23/2008 09:32:27 AM:
> Thanks Kevin. Can you confirm what size repository you're using? Thousands
> of files? At least a few hundred revisions and no performance problems with
> svn log (and not using any sort of log caching)?

Our largest repo (served from windows using mod_auth_sspi) is around 50G
on the server. It has around 20k revisions and 130k files. It also
uses an AuthzSVNAccessFile with 1300 lines...

A full "svn log" of all 20k revisions on the root path took around 5 minutes
and created about 90Mb of output. Neither the client nor the server used
much CPU.

> Also I'm confused by the SSPIPerRequestAuth. Looking at
> http://svn-summit.open.collab.net/wiki/RoundTableFeedback I see this:
>
> * SSPI reprompting for auth credentials too often. (Once per Apache child?
>   Subversion creates too many RA sessions?)
>   * SSPI re-authenticates automatically. The mod_auth_sspi module has
>     an option "SSPIPerRequestAuth on" that, if turned on reduces the
>     re-authentication to once per session. If turned off (the default), it
>     re-authenticates a lot more
> It sounds like the SSPIPerRequestAuth is more "chatty" if turned off, so it
> sounds like you would want it on. See also
>
> http://svn.haxx.se/tsvnusers/archive-2008-07/1073.shtml
>
> where it says
>
> >> this will make SSPI only require new authentication for every request,
> >> not every datapacket sent.
>
> So I don't see how having SSPIPerRequestAuth off could be a good thing.

I believe this was documented "backwards". In any case, things were
really slow until I turned it "off", so that is where I left it.

Kevin R.

> From: kmradke_at_rockwellcollins.com [mailto:kmradke_at_rockwellcollins.com]
> Sent: Wednesday, October 22, 2008 9:27 AM
> To: Gleason, Todd
> Cc: Miha Vitorovic; SubVersion Users
> Subject: RE: NTLM lookup within hook script
>
>
> "Gleason, Todd" <tgleason_at_impac.com> wrote on 10/22/2008 06:33:44 AM:
> > Someone can correct me if I'm wrong, but I understood it to be the case that
> > using Apache to do path-based security would cause extreme performance
> > problems with Subversion. Basically I thought that lookups would be done on
> > every svn path for operations like svn log, update, and checkout, which is a
> > dealbreaker since within a given repo we want uniform read access, and high
> > performance. I thought this was one of the big reasons behind svnperms. Did
> > I misunderstand?
>
> svnperms allows "action" based controls, such as add, but not delete, etc.
> Path based only allows for R/O or R/W access.
>
> If you are on windows, you may also want to check out visualsvn server:
> http://www.visualsvn.com/server/
>
> It has a graphical management console to add/remove permissions on a
> per directory basis and will talk directly to your Active Directory server.
> (Similar authentication to mod_auth_sspi)
>
> I haven't seen extreme performance problems using mod_auth_sspi.
> You will want to make sure to use "SSPIPerRequestAuth Off" in
> your config file though.
>
> Kevin R.
>
>
>
> > From: Miha Vitorovic [mailto:mvitorovic_at_nil.si]
> > Sent: Tuesday, October 21, 2008 11:26 PM
> > To: Gleason, Todd
> > Cc: SubVersion Users
> > Subject: Re: NTLM lookup within hook script
> >
> >
> > "Gleason, Todd" <tgleason_at_impac.com> wrote on 22.10.2008 04:36:28:
> >
> > > I'm trying to write a pre-commit hook script along the lines of
> > > svnperms. The script needs to do an NTLM lookup on the user
> > >
> > > The svn server is version 1.5.2 with Apache, running on a Windows
> > > server. I'm hoping to implement the script in Python though I don't
> > > mind if I have to call into something else for the NTLM lookup.
> >
> > Todd,
> >
> > since you're on Apache, aren't you basically trying to reinvent the wheel
> > (http://sourceforge.net/projects/mod-auth-sspi)?
> >
> > Br,
> > ---
> > Miha Vitorovic
> > Inženir v tehničnem področju
> > Customer Support Engineer
> >
> > NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
> > Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
Received on 2008-10-23 17:37:04 CEST

This is an archived mail posted to the Subversion Users mailing list.
