Posted to users@subversion.apache.org by Jerry Haltom <wa...@larvalstage.net> on 2005/03/09 17:57:47 UTC

SSPI support

I am in real bad need of proper single sign-on support for Subversion on
Windows at least (Linux would be pretty rad too). I am pitching
Subversion and its associated application bundle (including CollabNet)
as an alternative to some of the other commercial offerings at my
company. Some of our security policies require single sign-on in any
application deployed. Smart cards are in use, etc.

I have successfully configured Apache to support SSPI authentication.
This is pretty awesome. This works perfectly with IE when browsing to
http://server/svn/repository. It never once asks for credentials, yet it
is secure.

Using TortoiseSVN and/or the command line SVN client however, I am
prompted for login. Sure, the user name and password integrates, but it
is not single sign-on.

I suppose my questions are pretty simple. Can this be made to work? What
is holding it back? Who do I have to sleep with to get it?

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSPI support

Posted by Mark Phippard <Ma...@softlanding.com>.
Jerry Haltom <wa...@larvalstage.net> wrote on 03/09/2005 01:17:50 PM:

> I did not have to enter my user name into IE. It simply knew. It might
> be buggy though. I'll have to see. =/

When I do it with IE, I am prompted to login.  My username is filled in, 
but I still have to enter a password.  I assumed it should just log in 
automatically?

> Tortoise asks for the user information though.

When Neon supports SSPI, Tortoise should just work.

> This is good news to me that the later Neon works.

I didn't say it works, just that someone has added support for it :)

Mark


_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs. 
_____________________________________________________________________________


Re: SSPI support

Posted by Jerry Haltom <wa...@larvalstage.net>.
I did not have to enter my user name into IE. It simply knew. It might
be buggy though. I'll have to see. =/

Tortoise asks for the user information though.

This is good news to me that the later Neon works.

On Wed, 2005-03-09 at 13:10 -0500, Mark Phippard wrote:
> Jerry Haltom <wa...@larvalstage.net> wrote on 03/09/2005 12:57:47 PM:
> 
> > I am in real bad need of proper single sign-on support for Subversion on
> > Windows at least (Linux would be pretty rad too). I am pitching
> > Subversion and its associated application bundle (including CollabNet)
> > as an alternative to some of the other commercial offerings at my
> > company. Some of our security policies require single sign-on in any
> > application deployed. Smart cards are in use, etc.
> > 
> > I have successfully configured Apache to support SSPI authentication.
> > This is pretty awesome. This works perfectly with IE when browsing to
> > http://server/svn/repository. It never once asks for credentials, yet it
> > is secure.
> > 
> > Using TortoiseSVN and/or the command line SVN client however, I am
> > prompted for login. Sure, the user name and password integrates, but it
> > is not single sign-on.
> > 
> > I suppose my questions are pretty simple. Can this be made to work? What
> > is holding it back? Who do I have to sleep with to get it?
> 
> It needs to be supported in the Neon layer.  I believe support for SSPI 
> has been added in the Neon trunk, so this should make its way into 
> Subversion in a future release.  Hopefully by 1.2.  You could build 
> Subversion and TortoiseSVN yourself and add the patched SSPI support for 
> Neon when you do the build if you wanted it sooner.
> 
> That being said, I am not sure that mod_sspi works perfectly.  If I browse 
> my svn repository using Internet Explorer, in theory I would expect to not 
> be prompted for a password since IE supports SSPI with an IIS server. Yet, 
> I still have to enter my username and password.  This makes me wonder if 
> mod_sspi is really providing this feature 100% or if it is really just 
> letting me use my Active Directory usernames and passwords.
> 
> Mark
> 



Re: SSPI support

Posted by Mark Phippard <Ma...@softlanding.com>.
Jerry Haltom <wa...@larvalstage.net> wrote on 03/09/2005 12:57:47 PM:

> I am in real bad need of proper single sign-on support for Subversion on
> Windows at least (Linux would be pretty rad too). I am pitching
> Subversion and its associated application bundle (including CollabNet)
> as an alternative to some of the other commercial offerings at my
> company. Some of our security policies require single sign-on in any
> application deployed. Smart cards are in use, etc.
> 
> I have successfully configured Apache to support SSPI authentication.
> This is pretty awesome. This works perfectly with IE when browsing to
> http://server/svn/repository. It never once asks for credentials, yet it
> is secure.
> 
> Using TortoiseSVN and/or the command line SVN client however, I am
> prompted for login. Sure, the user name and password integrates, but it
> is not single sign-on.
> 
> I suppose my questions are pretty simple. Can this be made to work? What
> is holding it back? Who do I have to sleep with to get it?

It needs to be supported in the Neon layer.  I believe support for SSPI 
has been added in the Neon trunk, so this should make its way into 
Subversion in a future release.  Hopefully by 1.2.  You could build 
Subversion and TortoiseSVN yourself and add the patched SSPI support for 
Neon when you do the build if you wanted it sooner.

That being said, I am not sure that mod_sspi works perfectly.  If I browse 
my svn repository using Internet Explorer, in theory I would expect to not 
be prompted for a password since IE supports SSPI with an IIS server. Yet, 
I still have to enter my username and password.  This makes me wonder if 
mod_sspi is really providing this feature 100% or if it is really just 
letting me use my Active Directory usernames and passwords.

Mark
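
The question raised in the message above, whether the server is really negotiating SSPI or only accepting Active Directory usernames and passwords, can be checked from the `WWW-Authenticate` challenges in the server's 401 response. The following is an added example, not part of the original thread; the sample responses, the realm name and the function names are constructed for illustration, and it assumes one challenge per header line.

```python
# Added example: classify the auth challenges in a 401 response.
# All sample responses below are constructed, not captured from a real server.
INTEGRATED = {"negotiate", "ntlm"}  # schemes a client can answer through SSPI

def offered_schemes(raw_response):
    """Return (status_code, [scheme, ...]) from a raw HTTP response head.

    Assumes one challenge per WWW-Authenticate header line."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return status, schemes

def classify(raw_response, url_scheme):
    """Return (verdict, exposed); exposed is True when Basic is offered over http."""
    status, schemes = offered_schemes(raw_response)
    if status != 401:
        return ("no-challenge", False)
    integrated = any(s in INTEGRATED for s in schemes)
    basic = "basic" in schemes
    # Basic sends the password merely base64-encoded, so plain http exposes it.
    exposed = basic and url_scheme == "http"
    if integrated and basic:
        return ("integrated-with-basic-fallback", exposed)
    if integrated:
        return ("integrated-only", exposed)
    if basic:
        return ("basic-only", exposed)
    return ("other", exposed)

def _resp(*challenges):
    """Build a constructed 401 response carrying the given challenges."""
    hdrs = "".join(f"WWW-Authenticate: {c}\r\n" for c in challenges)
    return "HTTP/1.1 401 Authorization Required\r\n" + hdrs + "Content-Length: 0\r\n\r\n"

SSPI_ONLY = _resp("Negotiate", "NTLM")
BOTH = _resp("Negotiate", "NTLM", 'Basic realm="svn"')
BASIC_ONLY = _resp('Basic realm="svn"')

if __name__ == "__main__":
    for label, raw in [("sspi", SSPI_ONLY), ("both", BOTH), ("basic", BASIC_ONLY)]:
        print(label, classify(raw, "http"))
```

A `basic-only` verdict means every client is prompted and directory passwords travel with each request; `integrated-with-basic-fallback` means a client without SSPI support falls back to a password prompt.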

