'Re: TSVN 1.5 + neon enabled MIT'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tortoisesvn-users
Subject:    Re: TSVN 1.5 + neon enabled MIT
From:       Alec Kloss <Alec.Kloss () oracle ! com>
Date:       2008-07-30 16:00:09
Message-ID: 20080730160009.GB15856 () wiley ! research ! stellent ! com
[Download RAW message or body]


On 2008-07-28 16:58, Stefan Küng wrote:
> Alec Kloss wrote:
> 
> >I've had some success using the GSSAPI support in SASL with
> >Tortoise.  It's got some nice perks compared to Negotiate auth...
> >like not needing all the hassle of setting up certificates for SSL
> >and the pesky performance problems with mod_dav_svn.  And, best of
> >all, since SASL dynamically loads auth modules, you just need to
> >build it and drop it (along with the MIT libraries) into a
> >TortoiseSVN bin/ directory and everything just works.
> 
> How big are those libraries of yours?

I haven't tried to get down to a minimal set, but all DLLs in MIT's
bin directory total at about 3.3 MB, the largest of which is
mfc71.dll at almost 1 MB.  

If you don't want to include MIT Krb5 libraries, it'd still be nice
to include the GSSAPI module, so someone who wants MIT could arrange for
the libraries to be loadable by copying them into TortoiseSVN's bin
directory or by putting them in a directory listed in PATH.

> Do you have build instructions?

I build Cyrus SASL 2.1.22 following their win32 build notes.  I
enabled GSSAPI by setting 

	GSSAPI=CyberSafe
	GSSAPI_INCLUDE=\path\to\mit\kerberos\inc\krb5
	GSSAPI_LIBPATH=\path\to\mit\kerberos\lib\i386

on the nmake command line (in addition to the settings for DB),
etc.  The whole thing for me looked something like this:

nmake -f NTMakefile
DB_INCLUDE=z:\cellname.com\user\ajk\cyrus-sasl\db-4.3.28\build_win32
DB_LIBPATH=z:\cellname.com\user\ajk\cyrus-sasl\db-4.3.28\build_win32\Release
GSSAPI=CyberSafe GSSAPI_INCLUDE=c:\Progra~1\Mit\Kerberos\inc\krb5
GSSAPI_LIBPATH=c:\Progra~1\Mit\Kerberos\lib\i386 DB_LIB=libdb43.lib
CFG=Release

> >Stefan, any thoughts about including the GSSAPI module in the SASL
> >you build with Tortoise?  I found that, if the MIT libraries aren't
> >present, SASL quietly eats the load error and disables GSSAPI.
> >Worst case, the SVN library reports that it can't negotiate
> >authentication with the server... it's pretty slick.   Or, you
> >could probably bundle MIT Kerberos for Windows in Tortoise.  As I
> >read the license on their source code, you can do pretty much
> >whatever you want with MIT Kerberos, except possible export it
> >and use MITs name to advertise.  
> 
> It depends on how big the libraries are. And if we can build them 
> without patching the sourcecode.

-- 
Oracle Confidential Information        
Alec.Kloss@oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic