[Freeipa-users] svnserve authentication against IPA

dbischof at hrz.uni-kassel.de dbischof at hrz.uni-kassel.de
Thu Jun 18 09:09:25 UTC 2015


Hi,

I have a svnserve (Subversion 1.6.11) running on my IPA server. Currently, 
there's a separate user database with SASL auth:

/etc/sasl2/svn.conf
---
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
mech_list: DIGEST-MD5
---

XXX/testrepo/conf/svnserve.conf
---
[general]
anon-access = none
authz-db = authz
realm = MYSUBDOMAIN.MYUNIVERSITY.DE
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
---

On a test system, I changed svnserve auth to saslauthd and IPA:

/etc/sasl2/svn.conf
---
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN
ldapdb_mech: PLAIN
---

XXX/testrepo/conf/svnserve.conf
---
[general]
anon-access = none
authz-db = authz
realm = MYSUBDOMAIN.MYUNIVERSITY.DE
[sasl]
use-sasl = true
min-encryption = 0
max-encryption = 256
---

/etc/saslauthd.conf
---
ldap_servers: ldaps://localhost/
ldap_search_base: cn=users,cn=accounts,dc=MYSUBDOMAIN,dc=MYUNIVERSITY,dc=DE
---

Though this setup basically works, and svnserve and IPA are running on the 
same machine, I'm unhappy with PLAIN and "min-encryption = 0".

What would you suggest to improve security/enable encryption in this 
setup? I considered switching from svnserve to Apache, but that would 
imply that my users will have to get used to something new.


With best regards,

--Daniel.
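
The concern raised in the message above, as an added example that is not part of the original post and not Subversion or FreeIPA code: a small Python check that reads an svnserve.conf / sasl2 svn.conf pair and reports when a cleartext SASL mechanism is combined with no required encryption. The function names are hypothetical, and the config strings are the ones from the post reduced to the relevant options.

```python
import configparser

# SASL mechanisms that transmit the password itself and negotiate no security layer.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' option lines into a dict."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not key.lstrip().startswith("#"):
            opts[key.strip()] = value.strip()
    return opts

def audit(svnserve_conf, sasl_conf):
    """Return findings for one svnserve.conf / sasl2 svn.conf pair."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(svnserve_conf)
    if cp.get("sasl", "use-sasl", fallback="false").strip().lower() != "true":
        return ["use-sasl is not enabled; the [sasl] options have no effect"]
    min_enc = cp.getint("sasl", "min-encryption", fallback=0)
    mechs = set(parse_sasl_conf(sasl_conf).get("mech_list", "").upper().split())
    weak = sorted(mechs & CLEARTEXT_MECHS)
    findings = []
    if min_enc == 0:
        findings.append("min-encryption = 0: clients may connect without a SASL security layer")
    if weak and min_enc == 0:
        findings.append("mech_list offers %s and no encryption is required: "
                        "the password is unprotected on the svn:// connection" % ", ".join(weak))
    if mechs and mechs <= CLEARTEXT_MECHS and min_enc > 0:
        # PLAIN/LOGIN provide no security layer, so a non-zero minimum rules them out.
        findings.append("mech_list has only %s, which cannot satisfy min-encryption = %d"
                        % (", ".join(weak), min_enc))
    return findings

# The two configurations from the post above, reduced to the options that matter here.
SVNSERVE_SASLDB = "[general]\nanon-access = none\n[sasl]\nuse-sasl = true\nmin-encryption = 128\nmax-encryption = 256\n"
SASL_SASLDB = "pwcheck_method: auxprop\nauxprop_plugin: sasldb\nmech_list: DIGEST-MD5\n"
SVNSERVE_SASLAUTHD = "[general]\nanon-access = none\n[sasl]\nuse-sasl = true\nmin-encryption = 0\nmax-encryption = 256\n"
SASL_SASLAUTHD = "pwcheck_method: saslauthd\nauxprop_plugin: ldap\nmech_list: PLAIN\nldapdb_mech: PLAIN\n"

if __name__ == "__main__":
    for name, svn, sasl in (("sasldb", SVNSERVE_SASLDB, SASL_SASLDB),
                            ("saslauthd", SVNSERVE_SASLAUTHD, SASL_SASLAUTHD)):
        print(name, audit(svn, sasl) or "no findings")
```

The third check shows why the saslauthd setup ended up with "min-encryption = 0": keeping the old value of 128 alongside a PLAIN-only mech_list leaves no mechanism that can meet it.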



