SVN Authentication SASL GSSAPI on EL6
From: Prashanth Sundaram <prashanth.sundaram_at_laurioncap.com>
Date: Tue, 7 Aug 2012 17:52:09 +0000
Hello,
I have seen a lot of threads in the archives but none seem to have solved the issues or apply to my current requirement. I did extensive search before writing here.
We currently use the auth_ldap with apache for authentication and due to security compliance we have to change the auth for SVN. The requirement is pretty simple: Users cannot save password unencrypted locally on clients. Of course, the password can be set to encrypt by individual users by editing the ''servers'' file but due to size of the firm, we cannot monitor this and be sure that they are doing it.
The repo must be accessible via HTTPS for different servers and support Windows and Unix clients. I am hosting repo on a RHEL6.2 host via Apache and use SASL-GSSAPI to authenticate via Kerberos.(Server 2008 R2).
I have been struggling to get SASL + GSSAPI to work and wanted to get some help with same.
==== /etc/httpd/conf.d/svn..conf =====
<VirtualHost 10.10.1.166:80>
<VirtualHost 10.10.1.166:443>
ErrorLog /var/log/httpd/error.log
SSLEngine on
<Location />
#Kerberos Authentication
# Disallow anonymous access
===== /etc/sasl2/svn.conf =====
==== /etc/krb5.keytab ====
===== /proj/svn/svn.domain.corp/conf/svnserv.conf =====
[sasl]
Thanks,
________________________________
The information in this message, including any attachment, is confidential and intended for use only by the designated recipient(s) named above. It is the property of Laurion Capital Management LP or its affiliates. If you are not the intended recipient, please return the message to the sender and delete all copies of it, including attachments, from your computer. Unauthorized use, disclosure, dissemination or copying of this message or any part hereof is strictly prohibited. This message is for information purposes only. The information expressed herein may be changed at any time without notice or obligation to update.
No warranty is made as to the completeness or accuracy of the information contained in this communication. Any views or opinions presented are those of only the author and do not necessarily represent those of Laurion Capital Management LP or its related entities. This communication is for information purposes only and should not be regarded as an offer, solicitation or recommendation to sell or purchase any security or other financial product.
Email transmission cannot be guaranteed to be secure, virus-free or error-free. Therefore, we do not represent that this message is virus-free, complete or accurate and it should not be relied upon as such. Laurion Capital Management LP and its affiliates accept no liability for any damage sustained in connection with the content or transmission of this message.
Laurion Capital Management LP and its related entities reserve the right to monitor all e-mail communications through their networks.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.