Tuesday, January 8, 2013

TortoiseSVN with Kerberos authentication

I'm a big fan of TortoiseSVN (TSVN, short) on Windows. Working with multiple SVN servers and different authentication methods has its pitfalls, however.
I just found out how to make the current TSVN (1.7.11 as of this writing) work with Kerberos authentication on a Linux server that uses krb5 as I previously described here.



Of course none other than Stephan Küng, the developer of TSVN himself, provided the answer here. For those tl;dr folks, here's the relevant part that needs to be modified in TSVN's servers file:

[global]
http-library = serf

This makes TSVN use the serf library for authentication instead of neon, the default. This actually lets single-sign-on work from a Windows box to a Linux Subversion server (AFAIK using GSSAPI for authentication) using krb5 within the same Active Directory.
However, it breaks single-sign-on from a Windows box to a Windows Subversion server (AFAIK using SSPI for authentication) within the same Active Directory.

Luckily, TSVN is capable of having server- and site-specific settings in its servers file. I created a group with my Linux Subversion server as the only member, and had TSVN use serf just there.
Here's an example:

[groups]
mylinuxserver = svn.linux.subnet

[mylinuxserver]
http-library = serf

This worked like a charm; now I've got single-sign-on working to my Windows and Linux svn servers.
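
To check which hosts actually end up on serf, here is an added example (not from the original post and not part of TSVN or Subversion) that resolves the effective value of an option for a host from a servers file. The function name `effective_option` is hypothetical, the sample file is constructed from the snippet above, and taking the first matching group in file order is an assumption of this example.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample of a servers file, mirroring the layout shown in the post.
SAMPLE_SERVERS = """
[groups]
mylinuxserver = svn.linux.subnet

[global]

[mylinuxserver]
http-library = serf
"""


def effective_option(servers_text, host, option, default=None):
    """Resolve `option` for `host`: matching group section first, then [global]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep group names as written so they match section names
    cp.read_string(servers_text)

    # Hostnames are case-insensitive, so compare lower-cased (this example's choice).
    host = host.lower()

    # [groups]: key = name of another section, value = comma-separated host globs.
    if cp.has_section("groups"):
        for group, patterns in cp.items("groups"):
            globs = [p.strip().lower() for p in patterns.split(",") if p.strip()]
            if any(fnmatchcase(host, g) for g in globs):
                if cp.has_option(group, option):
                    return cp.get(group, option)
                break  # group matched but does not set the option: use [global]

    # No group-specific value: fall back to [global], then to the caller's default.
    if cp.has_option("global", option):
        return cp.get("global", option)
    return default


if __name__ == "__main__":
    # "neon" is passed as the default because the post names it as the 1.7 default.
    for name in ("svn.linux.subnet", "svn.windows.subnet"):  # second host is constructed
        print(name, "->", effective_option(SAMPLE_SERVERS, name, "http-library", "neon"))
```
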

2 comments:

Unknown said...

Are you able to get the tortoise command line utilities to work with kerberos as well?

fizze said...

Yes, they work like a charm.

On a side note, from Subversion-1.8.0 only serf is supported. So it's no longer required to change the config.
The change to 1.8.0 brings other caveats though, as I've written about here: http://ingenious-excerpts.blogspot.com/2013/07/tortoisesvn-180-and-ntlm-authentication.html