0

I have successfully configured both PC-based TortoiseSVN and a test Linux-based Subversion server to perform LDAP-based user authentication back to a geniune Windows Server 2008 R2 ldap server. Took some doing, especially when it came to overcoming a transposition of letters in the FQDN of my domain name among more than a few configuration files :), but it's working.

I have one question I'd like the more learned in this world verify for me - most particularly, that even though this LDAP setup is working, passwords are being sent across the wire in plaintext between SVN and saslauthd via the PLAIN mechanism. Presently, my reading and experimentation indicates there's no way around that -- is that correct, or have I overlooked some important piece?

Appreciation in advance for the information.

David W
  • 10,062
  • 34
  • 60

1 Answers1

1

You should set up your server with SSL (i.e. access it via https, not http). That way your password is also encrypted.

Note: the default DAV lib Subversion uses (neon) has SSPI (the Windows implementation of domain authentication) authentication disabled for non-SSL connections, it only works for SSL connections - for exactly this reason.

Stefan
  • 43,293
  • 10
  • 75
  • 117
  • That's good information. I know that UNIX based repositories just fork a new process fire svn+ssl connects, but I have this repository running as a Windows service, so I may have more research to do in that regard. – David W Apr 30 '12 at 14:35