Posted to users@subversion.apache.org by Krishna Reddy <kr...@yahoo.com> on 2008/05/22 15:43:04 UTC

Windows authentication with subversion and apache

Hello,
Windows authentication with subversion using SSPI module is working now.
I used the mod_auth_sspi.so module from the TortoiseSVN website.
mod_auth_sspi.so
    http://sourceforge.net/projects/mod-auth-sspi/
I had to set up the subversion location in the apache httpd configuration file.
<Location /Rep>
    DAV svn
    SVNParentPath C:/SVN/Rep    
 
    AuthName "Subversion Rep repository"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain DOMAIN
    SSPIOfferBasic On
    Require valid-user
   
    AuthzSVNAccessFile C:/SVN//Rep/auth.txt
</Location>
Next, I had to set up the subversion access file, i.e., auth.txt
[groups]
access = DOMAIN\USERNAME, username
[/]
@access = rw
Note: use two login names - one with and one without the domain. Subversion requires the former and the web browser requires the latter.
Thank you.


      

Re: Windows authentication with subversion and apache

Posted by Florian Seydoux <fl...@gmail.com>.
Sam Munzani wrote:
> Is there such module for FreeBSD? My repository is on FreeBSD however I
> would like to use windows AD auth for the authentication piece.

I guess not (not available on linux -> *nix).

Anyway, you should be able to use the Kerberos module (the admin of the
AD should create something for you), or 'simply' use LDAP.

In that case, I suggest using an AuthnProviderAlias, to be more
flexible (e.g. to mix authentication through the AD server with a
local user-password file).

There is plenty of documentation that Google can give you, but I can
give you a small example:

First, you have to find the 'distinguishedName' of the user who will do
the request. Assuming that the user 'guest' (password='guestpass') will
do that, and will have a dist. name like
   'CN=guest,OU=Users,OU=MyComp,DC=server,DC=net',
on the server (machine 'mycomp-dc.net'),

you just have to configure the Apache server like this:

<AuthnProviderAlias ldap ldap-dc>
  AuthLDAPBindDN "CN=guest,OU=Users,OU=MyComp,DC=server,DC=net"
  AuthLDAPBindPassword guestpass
  AuthLDAPURL ldap://mycomp-dc1:389/OU=Users,OU=MyComp,DC=server,DC=net?sAMAccountName?sub?(objectClass=user)
</AuthnProviderAlias>

and use this alias in a normal SVN location:

<Location /svn/projectXYZ>
	DAV svn
	SVNPath ...
	SVNAutoversioning on
	SVNIndexXSLT "/layout/svnindex.xsl"
	AuthzSVNAccessFile ...
	AuthName "MyComp project xyz svn"
	AuthType Basic
	AuthBasicAuthoritative off
	AuthzLDAPAuthoritative off
	AuthBasicProvider ldap-dc
	Satisfy Any
	<LimitExcept GET PROPFIND OPTIONS REPORT>
		Require valid-user
	</LimitExcept>
</Location>

regards,

florian
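
Added example (not part of either poster's message, and not Apache or Subversion project code): a Python check over the directives posted in this thread that flags where passwords are exposed, namely Basic authentication offered without HTTPS, an LDAP bind over plain ldap://, and a bind password kept in the configuration file. The `audit` function and its `tls_enforced` flag are hypothetical names, and the sample text is constructed from the two configurations above.

```python
# Constructed sample: auth directives taken from the two configs in this thread.
SAMPLE = """\
<Location /Rep>
    AuthType SSPI
    SSPIAuth On
    SSPIOfferBasic On
    Require valid-user
</Location>
<AuthnProviderAlias ldap ldap-dc>
  AuthLDAPBindDN "CN=guest,OU=Users,OU=MyComp,DC=server,DC=net"
  AuthLDAPBindPassword guestpass
  AuthLDAPURL ldap://mycomp-dc1:389/OU=Users,OU=MyComp,DC=server,DC=net?sAMAccountName?sub?(objectClass=user)
</AuthnProviderAlias>
<Location /svn/projectXYZ>
    AuthType Basic
    AuthBasicProvider ldap-dc
</Location>
"""

def audit(conf, tls_enforced=False):
    """Return (line_no, finding) pairs for credential-exposure risks.

    tls_enforced is an assumption supplied by the caller: True means the
    virtual host serving these locations is reachable over HTTPS only.
    """
    findings = []
    for no, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0][0] in "#<":      # blank, comment, section tag
            continue
        name = parts[0].lower()
        args = [a.strip('"').lower() for a in parts[1:]]
        if name == "authldapbindpassword":
            findings.append((no, "bind password in clear text; restrict read access to this file"))
        elif (name == "authldapurl" and args and args[0].startswith("ldap://")
              and not set(args[1:]) & {"ssl", "tls", "starttls"}):
            # mod_authnz_ldap accepts a trailing SSL/TLS/STARTTLS mode after the URL
            findings.append((no, "LDAP bind over ldap:// without TLS; passwords cross the network unencrypted"))
        elif not tls_enforced and ((name == "authtype" and args[:1] == ["basic"])
                                   or (name == "sspiofferbasic" and args[:1] == ["on"])):
            findings.append((no, "Basic auth offered; password is only base64-encoded, require HTTPS"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```
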



Re: Windows authentication with subversion and apache

Posted by Sam Munzani <sm...@comcast.net>.
Is there such module for FreeBSD? My repository is on FreeBSD however I 
would like to use windows AD auth for the authentication piece.

Thanks,
Sam
> Hello,
> Windows authentication with subversion using SSPI module is working now.
>  
> I used the mod_auth_sspi.so module from the TortoiseSVN website.
>  
> mod_auth_sspi.so
>     http://sourceforge.net/projects/mod-auth-sspi/
>  
> I had to set up the subversion location in the apache httpd configuration file.
>  
> <Location /Rep>
>     DAV svn
>     SVNParentPath C:/SVN/Rep    
>  
>     AuthName "Subversion Rep repository"
>     AuthType SSPI
>     SSPIAuth On
>     SSPIAuthoritative On
>     SSPIDomain DOMAIN
>     SSPIOfferBasic On
>     Require valid-user
>    
>     AuthzSVNAccessFile C:/SVN//Rep/auth.txt
> </Location>
>  
> Next, I had to set up the subversion access file, i.e., auth.txt
>  
> [groups]
> access = DOMAIN\USERNAME, username
> [/]
>  
> @access = rw
>  
> *Note:* use two login names - one with and one without the domain. 
> Subversion requires the former and the web browser requires the latter.
>  
> Thank you.
>