Kerberos for Subversion

Greg Troxel gdt at ir.bbn.com
Wed Feb 10 09:02:35 EST 2010


Bjørn Tore Sund <bjorn.sund at it.uib.no> writes:

> On 2/4/10 10:27 PM, Girish Mandhania wrote:
>> Hello,
>> I am working for a university and have Kerberos installed on our server.I
>> wish to use Kerberos authentication of Subversion(change management
>> application) on Linux.
>> Could you please help me with the clear list of steps to be followed, as I
>> am not able to find relevant information on the web.
>> Let me know if any more details are required..
>
> Assuming you've got subversion running behind Apache you use 
> mod_auth_kerb in exactly the same way you would any other Apache 
> location where you want authentication.
>
> http://modauthkerb.sourceforge.net/

That makes the server take passwords and validate them against the
kerberos database, or else requires for browser-side access the
Negotiate mechanism.  It seems bad practice to send ones kerberos
password to the server (or perhaps worse, to have svn store it), so
obviously the only reasonable thing to do is use Negotitate.

neon seems to have a gssapi option - does that work from svn with
modauthkerb?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100210/9a0553f6/attachment.bin


More information about the Kerberos mailing list