4

I have putty able to use gssapi on my Windows 7 x64 clients against kerberos logins for SSH. I.e. it forwards the ticket you get when you log in to windows. I can't figure out how to get tortiseSVN to do the same. I can get it to prompt me for my credentials every time I do ANYTHING and they work, by changing from neon to serf in the config file. But I need it to use the ticket so I don't have to continually type in my username and password.

If Tortise can't do this, does anyone know of an svn client for Windows that does?

jmp242
  • 668
  • 3
  • 13

2 Answers2

5

The FAQ says yes.

How do I make GSSAPI authentication work?
The 'neon' http library, which is the default for a TortoiseSVN installation, has problems with GSSAPI, but the 'serf' library should work. TSVN is linked with both of those DAV libraries, you can configure which one to use in the subversion server file. Go to TSVN->Settings->Network->Subversion server file->Edit.

  1. In TortoiseSVN->Settings->Network->Subversion server file, click on the edit button.

  2. At the bottom of the file change the [global] section by editing the http-library entry (or adding it if it is missing)

    [global]
    http-library = serf

Note that this change will affect all Subversion clients on your PC.

However, the DAV server you're operating against will also have to understand GSSAPI/SPNEGO and have access to an appropriate keytab (HTTP/svn.example.com@EXAMPLE.COM).

84104
  • 12,698
  • 6
  • 43
  • 75
  • As I said, I did do that change to serf. It then prompts me for my password every time I do *anything*. I was hoping there was a way to have TortoiseSVN use the existing ticket in Windows like PuTTY can - no password prompting. – jmp242 Nov 11 '13 at 14:00
  • @jmp242 There are two parts to this, the client and the server. The client seems alright, but you haven't provided any details about the server. – 84104 Nov 11 '13 at 16:05
  • The server is apache. The kerberos auth works from linux and from Firefox on Windows. Tortise will prompt for credentials with that change (without it, it just fails with "error"). What Tortise doesn't seem to do is use the existing ticket like Firefox will... – jmp242 Nov 12 '13 at 15:48
0

Latest TortoiseSVN version able to succesfully authenticate with Kerberos SPNEGO on WebDAV was 1.6 (I am not sure about the exact minor version 1.6.x from since it stopped working)

My Subversion WebDAv server is properly configured for SPNEGO and SSO works well from Linux with WanDisco Subversion 1.8 package thanks to required configuration options properly set in serf at compilation.

At the moment (mid-2014), I have found no recent client on Windows, neither graphical nor command-line, that uses GSSAPI properly to authenticate with SPNEGO. Still a work in progress.

Yves Martin
  • 879
  • 3
  • 7
  • 21