'Re: SSPIPerRequestAuth On'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tortoisesvn-users
Subject:    Re: SSPIPerRequestAuth On
From:       <tortoisesvn () gmail ! com>
Date:       2008-07-30 10:18:48
Message-ID: 48904008.5040801 () gmail ! com
[Download RAW message or body]


Simon Berry wrote:
> Stefan 
> 
> I saw your comment : 
> 
>> SSPIPerRequestAuth on
>>
>> this will make SSPI only require new authentication for every request,
>> not every datapacket sent.
> 
> and thought that I would like to enable that on our server (we have a
> lot of offsite engineers connecting through 3G modems - so reducing
> traffic is good) so I turned on the SSPIPerRequestAuth.
> 
> 3 minutes later I had a queue of users in my office with authentication
> problems. Tortoise was suddenly asking them for credentials rather than
> using the domain controller automatically. This is our configuration :

What was the error shown?

> <Location />
> 	DAV svn
> 	SVNPath d:/Data/SvnRepo
> 
> 	SVNListParentPath on
> 	AuthName "ATL Subversion Repository"
> 	AuthType SSPI
> 
> 	SSPIAuth On
> 	SSPIAuthoritative On
> 	SSPIDomain andromeda-dc01
> 	SSPIOmitDomain On
> 	SSPIPerRequestAuth on
> 	SSPIOfferBasic On
> 
> 	Require valid-user
> 	AuthzSVNAccessFile "d:/Data/SvnRepo/conf/svnaccess.txt"	
> </Location>
> 
> Any ideas as to why this might be ? I have turned off SSPIPerRequestAuth
> for now until I can figure out the problem. I am using Apache 2.0.

This should work, but I suggest adding:
SSPIUsernameCase lower
to make sure that the authentication is done with lowercase usernames - 
otherwise SSPI would use both and then you might run into troubles if 
you don't have the usernames in all casing in the svnaccess.txt file.

> p.s. is there any documentation on these configuration options ?

I think collab.net has some documentation on that. The mod_auth_sspi 
website unfortunately has not much documentation..

Stefan


-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic