Marc Dormey

Posts Tagged ‘sspi’

When you set up a subversion server you can integrate SSPI to use your domain usernames and passwords.

Set up Apache and SSPI

First you need to download the SSPI Module here. Copy the file mod_auth_sspi.so into the Apache modules folder (should be something like C:\Program Files\CollabNet Subversion Server\httpd\modules).

Edit the http.conf file (should be at C:\Program Files\CollabNet Subversion Server\httpd\conf) and add the line

LoadModule sspi_auth_module modules/mod_auth_sspi.so

to the LoadModule’s section. Make sure you insert this line before the line

LoadModule auth_module modules/mod_auth.so

Change the line

AuthType Basic

TO

AuthType SSPI

also replace everything inside “Location /svn” block with this:

DAV svn
SVNParentPath "[REPOPATH]"

 # authentication
AuthName "Subversion Authentication"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain [DOMAINNAME]
SSPIOfferBasic On
Require valid-user

 # authorization
AuthzSVNAccessFile "[REPOPATH]\authorization.conf"

Replace [REPOPATH] with your root repository location (eg. c:\svn_repository) and replace [DOMAINNAME] with your domain controller. If you have no domain name use “domaincontroller”.

Almost done!

The last thing we need to do is add a file authorization.conf in the root of the repository and add these lines…

[groups]
admin = DOMAIN\username, username, DOMAIN\username2, username2
[/]
@admin= rw

You will notice we add an entry with the domain prefix and an entry without. This is because apache authenticates differently and we need both. You can make new groups etc. If you need security for specific repositories you can read further here