0

Hi, I work in a place that runs programming courses. In a lot of the courses the students are required to do a project in order to pass the course, and sometimes the projects are even done in groups, so you can understand the need for version control. We use svn and we run it on an Apache server in a Windows Server 2003 operating system.

In order for the students not to be able to copy each other's code, we want to make the authentication with the svn server Windows integrated, meaning that the student won't be prompted for a user name and password when he is trying to access the svn, but will automatically connect to the svn with the current user name and password.

Our fear is that students will share their passwords with one another and easily get each other's version of code from the svn.

I have tried searching for this on the internet. I found a version of VisualSVN Server that supports Integrated Windows Authentication, but this support costs money.

I have tried using Windows authentication modules for the Apache server (mod_auth_sspi), but that didn't stop me from getting prompted for a user name and password.

Has anyone succeeded in making his svn server Windows integrated? And how? Does anyone know of any other free version control systems that can be Windows integrated? Or maybe have any sort of an idea on my situation.

Thanks.

pnuts
Amos Gueta
  • The svn client will have to support NTLM authentication with automatic passthrough, and I've never seen a client that actually does that (aside from a browser, but that's not much of an SVN "client"). So that means that you'll still be faced with students easily able to provide alternate credentials. Sorry. – Jake Feasel Nov 14 '11 at 20:54

3 Answers

2

I managed to achieve this by making my svn authentication SSL, and setting the svn attribute "OfferBasic" inside the repository location tag to off.

Amos Gueta
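A sketch of the kind of Apache `<Location>` block the answer above describes, added here as an example and not taken from the poster's server: it assumes Apache 2.2 on Windows with mod_ssl and mod_auth_sspi loaded, where the setting in question is mod_auth_sspi's `SSPIOfferBasic` directive. The paths, the domain name `EXAMPLEDOMAIN` and the user and folder names are placeholders.

```apache
# Added example; module paths, repository paths and EXAMPLEDOMAIN are placeholders.
LoadModule dav_module        modules/mod_dav.so
LoadModule dav_svn_module    modules/mod_dav_svn.so
LoadModule authz_svn_module  modules/mod_authz_svn.so
LoadModule sspi_auth_module  modules/mod_auth_sspi.so

<Location /svn>
    DAV svn
    SVNParentPath "C:/svn/repositories"

    # Serve the repositories over HTTPS only (needs mod_ssl and an SSL vhost).
    SSLRequireSSL

    # Windows integrated authentication through SSPI (NTLM/Negotiate).
    AuthType SSPI
    AuthName "Course Subversion"
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain EXAMPLEDOMAIN

    # Do not advertise Basic as a fallback scheme, so the server only
    # accepts the SSPI handshake of the logged-on Windows session.
    SSPIOfferBasic Off

    # Pass "student1" instead of "EXAMPLEDOMAIN\Student1" to authz,
    # so the names in the access file stay short and lowercase.
    SSPIOmitDomain On
    SSPIUsernameCase lower

    Require valid-user

    # Per-folder permissions, one section per student or group project.
    AuthzSVNAccessFile "C:/svn/conf/authz"
</Location>

# Matching entries in C:/svn/conf/authz (constructed sample):
#   [projects:/]
#   * =
#   [projects:/student1]
#   student1 = rw
```

The authz entries deny everything at the repository root and grant each account only its own folder, which matches the per-folder permissions the asker describes in the comments.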
0

I'm using Collabnet Subversion Edge here, and it appears to do LDAP. I'm not a security guy, so I don't know if that is the same as what you need.

Doug Chamberlain
  • Can you tell me more about it? I don't really care about security that much; the students have limited resources on their computers and they don't really have time to hack anything if they want to pass the course. I'm certainly not worried about someone sniffing the network. On what server does this work? What clients can I use to integrate with it? – Amos Gueta Nov 16 '11 at 20:22
0

In order for the students not to be able to copy each other's code we want to make the authentication with the svn server windows integrated, meaning that the student won't be prompted for user name and password when he is trying to access the svn, but will automatically connect to the svn with the current user name and password.

How would this scheme prevent student A from passing the code over to student B?

Student A could simply download the code, zip it up, and pass it over to student B. Or, student A could use a client like svn-git, download the whole repository and pass it to student B. And, if student A gave student B the password to their Windows account, what's to prevent student B from logging in as student A?

Back in Windows NT days, you could use NTLM. NTLM assumed that since you were logged into a Windows machine that was certified as a valid machine on the network, you already had authenticated and didn't need to reauthenticate. Thus, no need to ask for an account and password.

But NTLM required the server to be running IIS and the client running Windows NT and Internet Explorer 5. I believe it is still possible to use NTLM, but Microsoft no longer recommends it because it was so full of security holes.

Even if you could use NTLM, there's no Subversion server that works over IIS and there's no Subversion client that allows checkout via IE.

All you're doing is making it more difficult for students to actually do their work.

David W.
  • To your question: the students have limited access to the network, and limited access to the Subversion server. They don't have an internet connection on the project computers, and they don't have access to shared folders on the network. They don't have that svn-git tool that you are talking about; I don't really know what it can do, but they can't even get it, and they don't have permissions on the whole repository, just on a specific folder in the repository. All they have is Visual Studio, Ankh and TortoiseSVN as their client integration tools. – Amos Gueta Nov 16 '11 at 20:06
  • I know that this is possible to accomplish because, as I said in my post, I have found VisualSVN Server 2.5.1 and it has support for Windows integrated authentication using Apache server, but this feature costs money and I am looking for something that doesn't. – Amos Gueta Nov 16 '11 at 20:25