And this is Subversion in a Windows environment: authenticating against multiple domains, written Jun 07, 2006, and concerning Howtos, Software

We run Subversion for source control at work, with Apache2, and we use mod_auth_sspi to allow developers to authenticate to Subversion with their Windows username and password. However, we've got more than one domain at work, and so we need SSPI to allow you to authenticate with your Windows username and password whichever domain you're in. The relevant stanza of httpd.conf, to authenticate against multiple NT/2003 domains, looks like this:

<Location /svn>
DAV svn
SVNParentPath e:\svn
#
AuthName "Subversion repositories"
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
AuthAuthoritative Off # multiple authorities
#
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain domain_controller_for_first_domain
SSPIOfferBasic On
#
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain domain_controller_for_second_domain
SSPIOfferBasic On
#
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain domain_controller_for_third_domain
SSPIOfferBasic On
</Location>

Comments

the_angry_angel

Presumably this allows you to specify DOMAIN\Username, or Username@DOMAIN, as the username field, for multiple domains?

sil

the_angry_angel: it does indeed.

the_angry_angel

Ah, very cool. This maybe worth implementing over here :D

Kianoosh

Excellent, Thanks for figuring that out.

While we're sharing info, I also use this directive: "SSPIOmitDomain On" so that the "@domain" doesn't show up in the svn logs for the author.

Now I only wish we could easily map usernames from the Active Directory user names to something more legible. Here at this client their usernames are in the format "nm######". I wish we could have a directive that tells SVN to use the account's real name, or some other identifier for logging purposes.