Posted to users@subversion.apache.org by nikhil gupta <ng...@hotmail.com> on 2007/06/13 09:28:32 UTC

What is the Better Authentication mode: SSPI or LDAP?

Hi There,
 
I'm evaluating which authentication mode to use while setting up SVN using Apache. We need to make a cut between SSPI & LDAP. I was searching the net for various differences between the two but was not able to get much detail. 
 
Could anyone from the group throw some light upon which one is better & why?
What are the various security aspects of the two modes?
 
Any information will be helpful.
 
Thanks
Nikhil

Re: What is the Better Authentication mode: SSPI or LDAP?

Posted by Shirish Jain <li...@getafix.net>.
Greg Thomas said the following on 6/13/2007 8:24 PM:
> No they are not.
> http://subversion.tigris.org/faq.html#plaintext-passwords
>
> Greg
>   
I stand corrected. Thanks.

SJ

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the Better Authentication mode: SSPI or LDAP?

Posted by Greg Thomas <th...@omc.bt.co.uk>.
On Wed, 13 Jun 2007 20:01:28 +1000, Shirish Jain <li...@getafix.net>
wrote:

>if using non-SSPI authentication & SVN win32 command line, user 
>credentials and password are stored in clear text on the local user 
>profile.

No they are not.
http://subversion.tigris.org/faq.html#plaintext-passwords

Greg
-- 
This post represents the views of the author and does
not necessarily accurately represent the views of BT.


Re: What is the Better Authentication mode: SSPI or LDAP?

Posted by Shirish Jain <li...@getafix.net>.
nikhil gupta said the following on 6/13/2007 7:28 PM:
> Hi There,
>  
> I'm evaluating which authentication mode to use while setting up SVN 
> using Apache. We need to make a cut between SSPI & LDAP. I was 
> searching the net for various differences between the two but was not 
> able to get much detail.
>  
> Could anyone from the group throw some light upon which one is better 
> & why?
> What are the various security aspects of the two modes?
If using non-SSPI authentication & SVN win32 command line, user 
credentials and password are stored in clear text on the local user 
profile. There goes the security. In case of SSPI, you don't have to worry 
about these. From the end user's perspective, every time the user changes the 
password, if they do not change the stored password in the SVN profile, chances 
are accounts will get locked out! Single sign-on is a true reality with SSPI. 
A downside of an SSPI-only server authentication setup is that the user cannot 
generally use the "--username --password" options on the WIN32 command line. Which IMO 
is better security, as no more spoofing identity!

There are stability issues with SVN client-side SSPI authentication, due 
to inherent weaknesses of the Neon library (http://www.webdav.org/neon), 
which means you may need to grab patches from Neon trunk, and 
compile/distribute your own SVN clients. (Search the mailing list 
archives for SSPI/GSSAPI authentication issues.)
Hope this helps.

..Shirish

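
The point disputed in this thread is whether the command-line client's cached password sits in clear text in the user profile. As an added example (not code from the thread or from the Subversion project), this Python sketch parses one credential cache entry and reports how its password is stored, without ever returning the password. The K/V record layout, the `passtype` values `simple` and `wincrypt`, and treating a missing `passtype` as plaintext are assumptions about the client's cache format; the sample entries are constructed.

```python
import io

def dump_entry(fields):
    """Serialize a dict in the K/V record layout (used to build constructed samples)."""
    out = b""
    for key, value in fields.items():
        k, v = key.encode(), value.encode()
        out += b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v)
    return out + b"END\n"

def _read_blob(stream, length):
    blob = stream.read(length)
    if len(blob) != length or stream.read(1) != b"\n":
        raise ValueError("truncated or malformed record")
    return blob

def parse_entry(data):
    """Parse one cache file: length-prefixed K/V pairs terminated by END."""
    stream, fields = io.BytesIO(data), {}
    while True:
        header = stream.readline().rstrip(b"\n")
        if header == b"END":
            return fields
        if not header.startswith(b"K "):
            raise ValueError("expected key header, got %r" % header)
        key = _read_blob(stream, int(header[2:]))
        header = stream.readline().rstrip(b"\n")
        if not header.startswith(b"V "):
            raise ValueError("expected value header, got %r" % header)
        fields[key.decode()] = _read_blob(stream, int(header[2:]))

def audit(data):
    """Report how the password is stored; the password itself is never returned."""
    fields = parse_entry(data)
    passtype = fields.get("passtype", b"").decode()
    return {
        "realm": fields.get("svn:realmstring", b"").decode(errors="replace"),
        "username": fields.get("username", b"").decode(errors="replace"),
        "passtype": passtype or "(none)",
        # Assumption: "simple" or a missing passtype means the value is stored as-is.
        "plaintext": "password" in fields and passtype in ("", "simple"),
    }

# Constructed sample entries (hypothetical realm, user and password values).
_COMMON = {"svn:realmstring": "<https://svn.example.org:443> Repo", "username": "alice"}
SAMPLE_PLAIN = dump_entry({"passtype": "simple", "password": "not-a-real-password", **_COMMON})
SAMPLE_WINCRYPT = dump_entry({"passtype": "wincrypt", "password": "QUJDRA==", **_COMMON})

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_WINCRYPT):
        print(audit(sample))
```

On a workstation, the input would be the bytes of each file in the client's `auth/svn.simple` directory (for example under `%APPDATA%\Subversion` on Windows); that location is an assumption and is not stated in the thread.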