[Freeipa-users] svnserve authentication against IPA
Dmitri Pal
dpal at redhat.com
Sat Jun 27 17:46:46 UTC 2015
On 06/18/2015 05:09 AM, dbischof at hrz.uni-kassel.de wrote:
> Hi,
>
> I have a svnserve (Subversion 1.6.11) running on my IPA server.
> Currently, there's a separate user database with SASL auth:
>
> /etc/sasl2/svn.conf
> ---
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /etc/sasldb2
> mech_list: DIGEST-MD5
> ---
>
> XXX/testrepo/conf/svnserve.conf
> ---
> [general]
> anon-access = none
> authz-db = authz
> realm = MYSUBDOMAIN.MYUNIVERSITY.DE
> [sasl]
> use-sasl = true
> min-encryption = 128
> max-encryption = 256
> ---
>
> On a test system, I changed svnserve auth to saslauthd and IPA:
>
> /etc/sasl2/svn.conf
> ---
> pwcheck_method: saslauthd
> auxprop_plugin: ldap
> mech_list: PLAIN
> ldapdb_mech: PLAIN
> ---
>
> XXX/testrepo/conf/svnserve.conf
> ---
> [general]
> anon-access = none
> authz-db = authz
> realm = MYSUBDOMAIN.MYUNIVERSITY.DE
> [sasl]
> use-sasl = true
> min-encryption = 0
> max-encryption = 256
> ---
>
> /etc/saslauthd.conf
> ---
> ldap_servers: ldaps://localhost/
> ldap_search_base:
> cn=users,cn=accounts,dc=MYSUBDOMAIN,dc=MYUNIVERSITY,dc=DE
> ---
>
> Though this setup basically works and svnserve and IPA are running on
> the same machine I'm unhappy with PLAIN and "min-encryption = 0".
>
> What would you suggest to improve security/enable encryption in this
> setup? I considered switching from svnserve to Apache, but that would
> imply that my users will have to get used to something new.
>
>
> Mit freundlichen Gruessen/With best regards,
>
> --Daniel.
>
It seems that no one on the list knows details about svn configuration
so if you figure it out please share the results with the list.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list