[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Help: Apache2, Kerberos, AD, caching authentication?

From: Derek Hoffman <derek.hoffman_at_benham.com>
Date: Wed, 16 Sep 2009 21:03:21 -0500

Thank you for the reply Andrey.

I looked into it more realized that it was actually multiple DNS
requests caused by me using a FQDN for the KDC in my krb5.conf file. I
changed it to use the IP address of the KDC instead and everything has
sped up a great deal.

I'm thinking that I should ask the authors of the apache kerberos module
about this, and get their opinion on it.

Thanks again,

On Wed, 2009-09-16 at 16:43 -0500, Andrey Repin wrote:
> Greetings, Hoffman, Derek A.!
> > Background: My server is using Kerberos to authenticate users
> against an
> > Active Directory server. Our typical repository contains 50 to 200
> mix
> > format files (e.g. word docs, excel, visio, bitmaps, text files,
> etc.).
> > Issue: There's a substantial delay when checking out, committing, or
> > updating. I believe Apache is doing a Kerberos authentication for
> > file within the repo when doing a checkout or commit.
> To my knowledge, this shouldn't be an issue, unless you separately
> requesting
> each file.
> Have no real experience with Apache/KRB auth, though...
> > Netstat on the svn
> > server shows a large number of connections to the AD Server in the
> > WAITING state. There is a slight delay (maybe 0.5s) for Kerberos
> > authentication (svn server is in a separate city from the AD server
> and
> > must traverse corporate WAN).
> > Question: Is there any sort of method that would allow the apache
> server
> > to cache these Kerberos authentications so that it wouldn't have to
> > perform an authentication request for every file?
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 17.09.2009, <1:42>
> Sorry for my terrible english...


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-17 04:04:29 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.