Thank you for your reply Andrey, This seems like a sane way to go. I will
try to rip of the the realms from the username from the kerebros apache
module before it hits subversion.
On Sun, May 17, 2009 at 12:07 AM, Andrey Repin <anrdaemon_at_freemail.ru>wrote:
> Greetings, shantanu vibhore!
>
> > I have been using subversion for path based authorization and hit a road
> > block. I have users who access the same repository with multiple kerberos
> > credentials. The authorization file specifies that you need to put them
> in
> > the aliases section.
>
> > [aliases]
>
> > usera = usera<kerberos realm>
>
>
> > Now if I have users accessing these repository through multiple
> principles
> > for e.g usera<realmA> and usera<realmB>. I have two ways here
>
> > Either I will have to group them together or try a way to rip of the
> realm
> > in the apache kerberos module. Any body having a solution will be great.
>
> At all times, if you can get rid of all unnecessary bloating in user
> identification before passing user names to Subversion and still maintain
> user
> authentity, do so.
>
> I've been hit by that question, too, in environment with multiple
> authoritative
> domains. Stripping leading <domainname>\ did the trick without cluttering
> svnauthz.
>
>
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 16.05.2009, <22:33>
>
> Sorry for my terrible english...
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2287498
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-17 05:49:53 CEST