You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Mi...@Monitor.com on 2008/05/15 14:37:30 UTC

How to configure svnserve Windows Domain authentication

Hi:

I'm new to Subversion (my company is thinking seriously of migrating from 
Perforce and VSS), and I'm trying to get Subversion 1.5.0 rc5 running (I 
downloaded the installer from 
http://merge-tracking.open.collab.net/servlets/ProjectProcess?tab=4).

I'm trying to get svnserve configured to authenticate against our Windows 
Domain - I understand that the new SASL support in 1.5.0 should make this 
possible.  BTW, svnserve will be running on Windows 2003 Server.  I know I 
could get domain authentication by using Apache, but I'd much rather be 
able to use svnserve because it appears simpler to set up/manage and is 
supposed to be more performant.

I could really use some help in getting SASL configured.  I've spent a few 
days Googling for any info on how to do this, and everything I've found is 
UNIX oriented and/or assumes a level of knowledge I just don't have.

Here's what I've done so far,

I added

[sasl]
use-sasl = true

to svnserve.conf.

I created svn.conf in the Subversion bin directory (in my case C:\Program 
Files\Subversion) containing

mech_list: gssapi

svnserve seems to be paying attention to this, because TortoiseSvn returns 
the error 'Could not obtain the list of SASL mechanisms', and if I replace 
gssapi with DIGEST-MD5 (for example), I get an authentication failure.

I also see that if I run svn in a command window, I get an error regarding 
a failure to find gssapi32.dll.  I then installed MIT Kerberos for Windows 
3.2.2, and that error went away, but I still get 'Could not obtain the 
list of SASL mechanisms'.

I believe that I also have to provide a keytab file, and I could really 
use some documentation on how to do this and how to tell SASL where to 
find it.

Thanks in advance for any assistance.

Mike Abraham




-----------------------------------

This message contains information that may be confidential and 
proprietary. Unless you are the intended recipient (or authorized to 
receive this message for the intended recipient), you may not use, copy, 
disseminate or disclose to anyone the message or any information contained 
in the message. If you have received the message in error, please advise 
the sender by reply e-mail, and delete the message immediately. Thank you 
very much.