> On Thu, Jul 26, 2012 at 9:38 AM, Cooke, Mark > <mark.co...@siemens.com> wrote: > > > > -----Original Message----- > > From: xumuku [mailto:xum...@gmail.com] > > Sent: 25 July 2012 16:49 > > To: subversion_us...@googlegroups.com > > Cc: users@subversion.apache.org; xum...@gmail.com > > Subject: Re: Subversion authentication via SASL GSSAPI and > > likewise open > > > > My current /usr/lib/sasl2/svn.conf is: > > > > pwcheck_method: saslauthd > > mech_list: GSSAPI > > saslauthd_path: /var/run/saslauthd/mux > > log_level: 7 > > > > But I get the error: > > Cannot negotiate authentication mechanism > > > > 1. Does *anyone* have Windows SVNServe authenticating to > > AD/Kerberos via SASL/GSSAPI? > > > <http://stackoverflow.com/questions/10407077/does-anyone-have- > windows-svnserve-authenticating-to-ad-kerberos-via-sasl-gssap> > > 2. Cannot negotiate authentication mechanism > > > <http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065 > &viewType=browseAll&dsMessageId=65725#messagefocus> > > No (sorry), we use https via apache and mod_ldap to > authenticate against AD. I am interested to know why you > think that is not secure enough (perhaps you have *nix > clients storing plain text passwords?) > > ~ mark c > > Because it works only with PLAIN auth:
Ah, ok, yes, I did say we use https. The server is configured to redirect all http traffic to https (using mod_ssl) and authentication then happens in that encrypted environment (or am I being naïve here?) > tcpdump -ni eth0 -A src host 192.168.1.2 and tcp dst port 3690 > > > 17:10:10.488834 IP 192.168.1.2.59751 > 192.168.1.1.3690: > Flags [P.], seq 145:184, ack 166, win 65115, length 39 > E..O.b@...."..@...@ .g.j....~...P..[....( PLAIN ( > 21:AHVzZXIAcGFzc3dvcmQ= > > > http://www.opinionatedgeek.com/dotnet/tools/base64decode/ - > and you can see my sername and password > > > We already have Apache via mod_svn and mod_ldap but it is very slow. What is very slow? I know we don't have many users and are on an internal network but I have no issue with our speeds... ~ mark c
