Cheers.
Assuming you've got subversion running behind Apache you use
mod_auth_kerb in exactly the same way you would any other Apache
location where you want authentication.
http://modauthkerb.sourceforge.net/
-BT
--
Bj�rn Tore Sund Phone: 555-84894 Email: bjorn...@it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
Kerberos isn't specifically built into SVN, it's handled by the carrier
protocol, which is usually SSH or HTTP. Depending on what you're using,
you'll need to setup Kerberos in OpenSSH or your webserver.
OpenSSH already has Kerberos/GSSAPI support. In most cases, it's a
matter of turning it on.
If you are using HTTP and the Apache webserver, there's a module called
mod_auth_kerb that does Kerberos authentication for you.
Cheers,
Edward
On Thu, 2010-02-04 at 15:27 -0600, Girish Mandhania wrote:
> Hello,
> I am working for a university and have Kerberos installed on our server.I
> wish to use Kerberos authentication of Subversion(change management
> application) on Linux.
> Could you please help me with the clear list of steps to be followed, as I
> am not able to find relevant information on the web.
> Let me know if any more details are required..
>
> Cheers.
> ________________________________________________
> Kerberos mailing list Kerb...@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
I think the usual approach has two relatively simple parts, which can be deployed and tested separately:
1) Use svn+ssh (subversion over ssh) for repository access.
2) Use a Kerberos/GSSAPI-enabled ssh, which is probably available in whatever packaging system you have available for your distribution.
If your developers don't currently have accounts on the subversion server, you can set up accounts that only allow one command, "svnserve", to be run.
Ken
Actually, as of Subversion 1.5, svnserve and ra_svn (the "svn://"
prefix, as opposed to "svn+ssh") can use Cyrus SASL. So you can
conceivably use Kerberos authentication with any of the network
transports (http, svn, or svn+ssh). If you want to use the built-in
ra_svn support, the following may be of use:
http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt
I've never personally set it up that way. You may have better luck
getting support on the Subversion users list if you run into problems.
> On 2/4/10 10:27 PM, Girish Mandhania wrote:
>> Hello,
>> I am working for a university and have Kerberos installed on our server.I
>> wish to use Kerberos authentication of Subversion(change management
>> application) on Linux.
>> Could you please help me with the clear list of steps to be followed, as I
>> am not able to find relevant information on the web.
>> Let me know if any more details are required..
>
> Assuming you've got subversion running behind Apache you use
> mod_auth_kerb in exactly the same way you would any other Apache
> location where you want authentication.
>
> http://modauthkerb.sourceforge.net/
That makes the server take passwords and validate them against the
kerberos database, or else requires for browser-side access the
Negotiate mechanism. It seems bad practice to send ones kerberos
password to the server (or perhaps worse, to have svn store it), so
obviously the only reasonable thing to do is use Negotitate.
neon seems to have a gssapi option - does that work from svn with
modauthkerb?
Regards
Valerio Pulese