NT Domain authentication with Subversion

["Anderson, Allan" <aa...@opentv.com>]

Searching the archives, I've become confused about how best to allow Windows
domain users to have Subversion access.

I see on http://svnbook.red-bean.com/en/1.1/ch06.html that it says any form
of Apache authentication will work: mod_dav_svn and I presume mod_ntlm
and/or mod_sspi. I also see that a bug now marked fixed says these methods
work as of 1.3RC3. http://subversion.tigris.org/issues/show_bug.cgi?id=1844

Finally, there's this information on TortoiseSVN:
http://tortoisesvn.sourceforge.net/docs/release/TortoiseSVN_en/ch03.html#tsv
n-serversetup-apache-5

This makes me think I'll be able to do this with SVN 1.3.x, after making
sure I have Apache set up correctly.

I'm curious: has anyone else done this recently? I see that it appears to
work with the command line client and TortoiseSVN; should it also work with
SmartSVN or other svn clients?

I'm migrating from CVS on Solaris (with NIS authentication) to SVN or CVSNT
on Solaris. Most developers here use Windows, but there are some Solaris and
a few Linux users. My manager really, really wants to be able to use NT
domain AD logins to allow access to source control for the Windows users.
I'd like to make this work with SVN. I'd love some input from this list.

Thanks, folks.

Re: NT Domain authentication with Subversion

[Nick Thompson <ni...@agere.com>]

On Tuesday 07 March 2006 21:06, Anderson, Allan wrote:
> Searching the archives, I've become confused about how best to
> allow Windows domain users to have Subversion access.
>
> I see on http://svnbook.red-bean.com/en/1.1/ch06.html that it says
> any form of Apache authentication will work: mod_dav_svn and I
> presume mod_ntlm and/or mod_sspi. I also see that a bug now marked
> fixed says these methods work as of 1.3RC3.
> http://subversion.tigris.org/issues/show_bug.cgi?id=1844
>
> Finally, there's this information on TortoiseSVN:
> http://tortoisesvn.sourceforge.net/docs/release/TortoiseSVN_en/ch03
>.html#tsv n-serversetup-apache-5
>
> This makes me think I'll be able to do this with SVN 1.3.x, after
> making sure I have Apache set up correctly.
>
> I'm curious: has anyone else done this recently? I see that it
> appears to work with the command line client and TortoiseSVN;
> should it also work with SmartSVN or other svn clients?
>
> I'm migrating from CVS on Solaris (with NIS authentication) to SVN
> or CVSNT on Solaris. Most developers here use Windows, but there
> are some Solaris and a few Linux users. My manager really, really
> wants to be able to use NT domain AD logins to allow access to
> source control for the Windows users. I'd like to make this work
> with SVN. I'd love some input from this list.
>
> Thanks, folks.

I just did something similar on a Linux server using stock 1.3.0 
(though older versions should work). I used mod_auth_kerb to do 
kerberos authentication is the DC. You need an up to date kerberos 
install to work with a 2003 DC.

The thing about mod_auth_kerb is that is supports basic authentication 
on the client side, which has been supported in svn for a long time. 
The module also supports KDC ticket authentication, but I don't think 
this works with current svn stock builds.

What this means then, is windows users still have to type in their 
password and cache it if they don't want to supply it on every server 
operation. This works fine. The issue is how securely does the svn 
client store the password locally (not very, I believe).

Nick.

-- 
> Nick Thompson

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org