pieter · December 6, 2010 12:39
diff --git a/Kerberos + Apache + SVN HOWTO b/Kerberos + Apache + SVN HOWTO
 Kerberos + Apache + SVN
 =======================

 I did this on Ubuntu server 10.10. Based on this: https://help.ubuntu.com/community/Kerberos

 1) Make sure the server has appropriate DNS info, e.g.: (/etc/hosts)

 10.0.1.147	draco.madebysofa.com 
 127.0.0.1	localhost ubuntu

 Note that 'host' and 'nslookup' won't actually use this info to resolve, so you can't check the correct config that way. It's apparently important that the server has reverse DNS setup correctly. You can check it using Ruby for instance:

 irb(main):008:0> Socket.getaddrinfo("10.0.1.147", nil)
 => [["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 1, 6], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 2, 17], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 3, 0]]

 ====

 Now, do the first stuff in the howto linked above.

 ===


 Make sure to check the admin ACL: the domain should be correct in the */[email protected] * line, and it should be uncommented. If not, edit it and run the command as it says in the comment.

 create a user:

 sudo kadmin.local
 ank pieter/admin #

 now you can authenticate with that user to create new users:

 kadmin -p pieter/admin
 ank pieter # Create a normal user

 create a service:

 ank http/draco.madebysofa.com

 export key:

 ktadd -k /etc/apache2/http.keytab http/draco.madebysofa.com

 Install apache stuff:

 sudo apt-get install apache2 libapache2-mod-auth-ekerb libapache2-svn subversion

 Add something like the following to your mod_davsvn config:

 <Location /svn>
  DAV svn
  SVNParentPath /var/www/repositories

  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate On
  KrbMethodK5Passwd On
  KrbAuthRealms REALM.TEST
  Krb5KeyTab /etc/apache2/http.keytab
  KrbServiceName http
  require valid-user

 </Location>

 Now, connecting to /svn/repository_name should work (make sure /var/www/repositories/repository_name is a valid svn repository and readable by www-data)
	Kerberos + Apache + SVN
	=======================

	I did this on Ubuntu server 10.10. Based on this: https://help.ubuntu.com/community/Kerberos

	1) Make sure the server has appropriate DNS info, e.g.: (/etc/hosts)

	10.0.1.147 draco.madebysofa.com
	127.0.0.1 localhost ubuntu

	Note that 'host' and 'nslookup' won't actually use this info to resolve, so you can't check the correct config that way. It's apparently important that the server has reverse DNS setup correctly. You can check it using Ruby for instance:

	irb(main):008:0> Socket.getaddrinfo("10.0.1.147", nil)
	=> [["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 1, 6], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 2, 17], ["AF_INET", 0, "draco.madebysofa.com", "10.0.1.147", 2, 3, 0]]

	====

	Now, do the first stuff in the howto linked above.

	===


	Make sure to check the admin ACL: the domain should be correct in the /[email protected] line, and it should be uncommented. If not, edit it and run the command as it says in the comment.

	create a user:

	sudo kadmin.local
	ank pieter/admin #

	now you can authenticate with that user to create new users:

	kadmin -p pieter/admin
	ank pieter # Create a normal user

	create a service:

	ank http/draco.madebysofa.com

	export key:

	ktadd -k /etc/apache2/http.keytab http/draco.madebysofa.com

	Install apache stuff:

	sudo apt-get install apache2 libapache2-mod-auth-ekerb libapache2-svn subversion

	Add something like the following to your mod_davsvn config:

	<Location /svn>
	DAV svn
	SVNParentPath /var/www/repositories

	AuthType Kerberos
	AuthName "Kerberos Login"
	KrbMethodNegotiate On
	KrbMethodK5Passwd On
	KrbAuthRealms REALM.TEST
	Krb5KeyTab /etc/apache2/http.keytab
	KrbServiceName http
	require valid-user

	</Location>

	Now, connecting to /svn/repository_name should work (make sure /var/www/repositories/repository_name is a valid svn repository and readable by www-data)