Request: Kerberos/GSSAPI/SSPI and TortoisePlink in TortoiseSVN, TortoiseGIT and TortoiseHG too?

446 views
Skip to first unread message

jonathan d p ferguson

unread,
Mar 3, 2011, 2:34:28 AM3/3/11
to d...@tortoisesvn.tigris.org
hi.

Awesome TortoiseSVN devs:

Thank you for creating such an awesome product. It sees thousands of hours of use where I teach. :-)

I've been following the thread of Kerberos/GSSAPI integration into the PuTTY suite for some time now. There have been a number of ports by various people that work. I noticed today (in revisiting the thread) that basic support for Kerberos was added in r8952. Lest I'm mistaken, it appears that the last time TortoisePlink synched was at r8934, aka PuTTY version 0.59. The current revision for PuTTY is r9117, though I am unaware of any imminent 0.61 release from the PuTTY developers.

I searched the TortoiseSVN developer's list archive/forum for related topics and didn't see anything recent on this topic. I have not attempted to update this tree myself, though I can authenticate over Kerberos/GSSAPI with my own build of PuTTY/Plink r9117. My past attempts to use a different Plink executable (ie, Plink with GSSAPI support) with TortoiseSVN were too shaky for deployment.

Could you please investigate the possibility of updating the Plink submodule? As the PuTTY developers haven't yet blessed a release, I'm not 100% sure that GSSAPI support is "ready," but it bears asking. Adding such support infers a dynamically linked dependency on the relevant Kerberos provider libraries (GSSAPI/SSPI). That linkage is now handled by PuTTY/Plink itself.

If this feature enters Tortoise{SVN,GIT,HG}, users of Kerberos/GSSAPI/SSPI authentication will thank you. :-) I notice that Kerberos/SSPI appears to be handled by libneon when authenticating over HTTPS. It would be most excellent if a similar capability was supported for SSH.

The user story here is:

"A user of Tortoise{SVN,GIT,HG} would like to authenticate against an SSH-based {SVN,GIT,HG} server using Kerberos/GSSAPI/SSPI such that if she has current credential tickets (and the server is authorized against the kdc) she will not need to type a password to access the repository behind the SSH service."

Thoughts?

Many Thanks!

have a day.yad
jdpf

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2709187

To unsubscribe from this discussion, e-mail: [dev-uns...@tortoisesvn.tigris.org].

Stefan Küng

unread,
Mar 3, 2011, 2:28:17 PM3/3/11
to d...@tortoisesvn.tigris.org

On trunk, I've updated TortoisePlink to use version 0.61 of Plink. It
has GSSAPI support, but: it only works for 32-bit. The 64-bit build
doesn't support it, but of course it doesn't really matter because there
are no 64-bit builds of kerberos for windows available anyway.

Stefan

--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2709380

Joseph Galbraith

unread,
Mar 3, 2011, 6:25:12 PM3/3/11
to d...@tortoisesvn.tigris.org, Stefan Küng

It is somewhat tricky to track down, but it is out there.

http://www.secure-endpoints.com/#kfw

Whether 64-bit plink will work with it is another story...

Thanks,

Joseph

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2709426

jonathan d p ferguson

unread,
Mar 4, 2011, 1:48:47 AM3/4/11
to d...@tortoisesvn.tigris.org
hi.

On Mar 3, 2011, at 2:28 PM, Stefan Küng wrote:

> On 03.03.2011 08:34, jonathan d p ferguson wrote:
>> hi.
>>
>> Awesome TortoiseSVN devs:

<snip>


>>
>> Could you please investigate the possibility of updating the Plink
>> submodule? As the PuTTY developers haven't yet blessed a release, I'm
>> not 100% sure that GSSAPI support is "ready," but it bears asking.
>> Adding such support infers a dynamically linked dependency on the
>> relevant Kerberos provider libraries (GSSAPI/SSPI). That linkage is
>> now handled by PuTTY/Plink itself.

<snip>


>>
>> "A user of Tortoise{SVN,GIT,HG} would like to authenticate against an
>> SSH-based {SVN,GIT,HG} server using Kerberos/GSSAPI/SSPI such that if
>> she has current credential tickets (and the server is authorized
>> against the kdc) she will not need to type a password to access the
>> repository behind the SSH service."
>

> On trunk, I've updated TortoisePlink to use version 0.61 of Plink. It
> has GSSAPI support, but: it only works for 32-bit. The 64-bit build
> doesn't support it, but of course it doesn't really matter because there
> are no 64-bit builds of kerberos for windows available anyway.

Excellent. Thanks!

have a day.yad
jdpf

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2709482

Reply all
Reply to author
Forward
0 new messages