Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Kerberos + Apache + SVN
=======================
I did this on Ubuntu server 10.10. Based on this: https://help.ubuntu.com/community/Kerberos
1) Make sure the server has appropriate DNS info, e.g.: (/etc/hosts)
10.0.1.147 draco.madebysofa.com
127.0.0.1 localhost ubuntu
Note that 'host' and 'nslookup' won't actually use this info to resolve, so you can't check the correct config that way. It's apparently important that the server has reverse DNS setup correctly. You can check it using Ruby for instance:
irb(main):008:0> Socket.getaddrinfo("10.0.1.147", nil)
=> [["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 1, 6], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 2, 17], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 3, 0]]
====
Now, do the first stuff in the howto linked above.
===
Make sure to check the admin ACL: the domain should be correct in the */admin@REALM.TEST * line, and it should be uncommented. If not, edit it and run the command as it says in the comment.
create a user:
sudo kadmin.local
ank pieter/admin #
now you can authenticate with that user to create new users:
kadmin -p pieter/admin
ank pieter # Create a normal user
create a service:
ank http/draco.madebysofa.com
export key:
ktadd -k /etc/apache2/http.keytab http/draco.madebysofa.com
Install apache stuff:
sudo apt-get install apache2 libapache2-mod-auth-ekerb libapache2-svn subversion
Add something like the following to your mod_davsvn config:
<Location /svn>
DAV svn
SVNParentPath /var/www/repositories
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms REALM.TEST
Krb5KeyTab /etc/apache2/http.keytab
KrbServiceName http
require valid-user
</Location>
Now, connecting to /svn/repository_name should work (make sure /var/www/repositories/repository_name is a valid svn repository and readable by www-data)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.