>Note: please reply in-line and, if at all possible, in _plain_ text, not >html... Sorry for this.
>As mentioned in one of the answers to your stackoverflow question (seeing >as you insist on referencing it), svn 1.7 uses a new, faster protocol for >mod_dav which you will be using by default if setting up a new repo and >using up-to-date clients... Remember the version (1.4.5) benchmarked was >released in 2007! >Have you actually run any benchmark trials yourself comparing https and >svnserve on your network? If your network is slow (not the server) then it >may not actually matter which you use! > ~ mark c Thank you for suggestion. Will try to start some tests. Our current SVN is: svn, version 1.5.4 (r33841) \ compiled Aug 7 2009, 01:44:11 On new and more powerful server we have: svn, version 1.6.17 (r1128011) \ compiled Dec 17 2011, 16:12:52 And will try to install latest release: 1.7.5 for tests on new server. On Thu, Jul 26, 2012 at 12:21 PM, Cooke, Mark <mark.co...@siemens.com> wrote: > > > Note: please reply in-line and, if at all possible, in _plain_ text, not > html... > > > On Thu, Jul 26, 2012 at 11:50 AM, Cooke, Mark > > <mark.co...@siemens.com> wrote: > > > > > On Thu, Jul 26, 2012 at 9:38 AM, Cooke, Mark > > > <mark.co...@siemens.com> wrote: > > > > > > > > > > -----Original Message----- > > > > From: xumuku [mailto:xum...@gmail.com] > > > > Sent: 25 July 2012 16:49 > > > > To: subversion_us...@googlegroups.com > > > > Cc: users@subversion.apache.org; xum...@gmail.com > > > > Subject: Re: Subversion authentication via > > SASL GSSAPI and > > > > likewise open > > > > > > > > My current /usr/lib/sasl2/svn.conf is: > > > > > > > > pwcheck_method: saslauthd > > > > mech_list: GSSAPI > > > > saslauthd_path: /var/run/saslauthd/mux > > > > log_level: 7 > > > > > > > > But I get the error: > > > > Cannot negotiate authentication mechanism > > > > > > > > 1. Does *anyone* have Windows SVNServe > > authenticating to > > > > AD/Kerberos via SASL/GSSAPI? > > > > > > > <http://stackoverflow.com/questions/10407077/does-anyone-have- > > > windows-svnserve-authenticating-to-ad-kerberos-via-sasl-gssap> > > > > 2. Cannot negotiate authentication mechanism > > > > > > > <http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065 > > > &viewType=browseAll&dsMessageId=65725#messagefocus> > > > > > > No (sorry), we use https via apache and mod_ldap to > > > authenticate against AD. I am interested to know why you > > > think that is not secure enough (perhaps you have *nix > > > clients storing plain text passwords?) > > > > > > ~ mark c > > > > > > Because it works only with PLAIN auth: > > > > Ah, ok, yes, I did say we use https. The server is > > configured to redirect all http traffic to https (using > > mod_ssl) and authentication then happens in that encrypted > > environment (or am I being naïve here?) > > > > > tcpdump -ni eth0 -A src host 192.168.1.2 and tcp dst port 3690 > > > > > > > > > 17:10:10.488834 IP 192.168.1.2.59751 > 192.168.1.1.3690: > > > Flags [P.], seq 145:184, ack 166, win 65115, length 39 > > > E..O.b@...."..@...@ .g.j....~...P..[....( PLAIN ( > > > 21:AHVzZXIAcGFzc3dvcmQ= > > > > > > > > > http://www.opinionatedgeek.com/dotnet/tools/base64decode/ - > > > and you can see my sername and password > > > > > > > > > We already have Apache via mod_svn and mod_ldap but > > it is very slow. > > > > What is very slow? I know we don't have many users and > > are on an internal network but I have no issue with our speeds... > > > > ~ mark c > > > > -----Original Message----- > > From: slaventii [mailto:xum...@gmail.com] > > Sent: 26 July 2012 09:58 > > To: Cooke, Mark > > Cc: users@subversion.apache.org > > Subject: Re: Subversion authentication via SASL GSSAPI and > > likewise open > > > > >Ah, ok, yes, I did say we use https. The server is > > configured to redirect all http traffic >to https (using > > mod_ssl) and authentication then happens in that encrypted > > >environment (or am I being naïve here?) > > As I wrote we already have Apache with HTTPS. All is good > > except speed. > > Sorry, I read the list, not links to other sites. > > > >What is very slow? I know we don't have many users and are > > on an internal network >but I have no issue with our speeds... > > > > And this is not only our opinion - Svnserve VS mod_dav_svn > > <http://stackoverflow.com/questions/502585/svnserve-vs-mod-dav-svn> . > > > > SVN + Apache - slow. > > SVN + SASL-Ldap - insecure. > > SVN + SASL-GSSAPI - in progress :) > > As mentioned in one of the answers to your stackoverflow question (seeing > as you insist on referencing it), svn 1.7 uses a new, faster protocol for > mod_dav which you will be using by default if setting up a new repo and > using up-to-date clients... Remember the version (1.4.5) benchmarked was > released in 2007! > > Have you actually run any benchmark trials yourself comparing https and > svnserve on your network? If your network is slow (not the server) then it > may not actually matter which you use! > > ~ mark c
