On 06/18/2015 05:09 AM, dbisc...@hrz.uni-kassel.de wrote:
Hi,

I have a svnserve (Subversion 1.6.11) running on my IPA server. Currently, there's a separate user database with SASL auth:

/etc/sasl2/svn.conf
---
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
mech_list: DIGEST-MD5
---

XXX/testrepo/conf/svnserve.conf
---
[general]
anon-access = none
authz-db = authz
realm = MYSUBDOMAIN.MYUNIVERSITY.DE
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
---

On a test system, I changed svnserve auth to saslauthd and IPA:

/etc/sasl2/svn.conf
---
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN
ldapdb_mech: PLAIN
---

XXX/testrepo/conf/svnserve.conf
---
[general]
anon-access = none
authz-db = authz
realm = MYSUBDOMAIN.MYUNIVERSITY.DE
[sasl]
use-sasl = true
min-encryption = 0
max-encryption = 256
---

/etc/saslauthd.conf
---
ldap_servers: ldaps://localhost/
ldap_search_base: cn=users,cn=accounts,dc=MYSUBDOMAIN,dc=MYUNIVERSITY,dc=DE
---

Though this setup basically works, and svnserve and IPA are running on the same machine, I'm unhappy with PLAIN and "min-encryption = 0".

What would you suggest to improve security/enable encryption in this setup? I considered switching from svnserve to Apache, but that would imply that my users will have to get used to something new.


Mit freundlichen Gruessen/With best regards,

--Daniel.


It seems that no one on the list knows details about svn configuration, so if you figure it out, please share the results with the list.

--
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
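
An added example, not part of either message and not Subversion or FreeIPA code: a small Python check that reads a Cyrus SASL svn.conf together with the [sasl] section of svnserve.conf and reports why the two setups quoted above behave differently. It relies on two Cyrus SASL properties: PLAIN and LOGIN negotiate no security layer, and saslauthd can only verify plaintext passwords. The function names and finding codes are made up for this illustration.

```python
import configparser

# Mechanisms that send the password itself and negotiate no SASL security layer.
NO_LAYER = {"PLAIN", "LOGIN"}
# Mechanisms that need the stored secret (auxprop); saslauthd cannot verify them.
NEEDS_SECRET = {"DIGEST-MD5", "CRAM-MD5"}

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(sasl_text, svnserve_text):
    """Return finding codes (hypothetical names) for one config pair."""
    sasl = parse_sasl_conf(sasl_text)
    cp = configparser.ConfigParser()
    cp.read_string(svnserve_text)
    if not cp.getboolean("sasl", "use-sasl", fallback=False):
        return ["sasl-disabled"]
    min_enc = cp.getint("sasl", "min-encryption", fallback=0)
    mechs = set(sasl.get("mech_list", "").upper().split())
    findings = []
    # A client may pick PLAIN and svnserve accepts an unencrypted session.
    if mechs & NO_LAYER and min_enc == 0:
        findings.append("plain-without-security-layer")
    # Every offered mechanism has no layer, so min-encryption can never be met.
    if mechs and mechs <= NO_LAYER and min_enc > 0:
        findings.append("no-mechanism-meets-min-encryption")
    if sasl.get("pwcheck_method") == "saslauthd" and mechs & NEEDS_SECRET:
        findings.append("saslauthd-cannot-verify-mechanism")
    return findings

# The two configurations quoted in the message (svnserve.conf reduced to [sasl]).
OLD_SASL = "pwcheck_method: auxprop\nauxprop_plugin: sasldb\nmech_list: DIGEST-MD5\n"
OLD_SVN = "[sasl]\nuse-sasl = true\nmin-encryption = 128\nmax-encryption = 256\n"
NEW_SASL = "pwcheck_method: saslauthd\nauxprop_plugin: ldap\nmech_list: PLAIN\n"
NEW_SVN = "[sasl]\nuse-sasl = true\nmin-encryption = 0\nmax-encryption = 256\n"

if __name__ == "__main__":
    print("sasldb setup:   ", audit(OLD_SASL, OLD_SVN))
    print("saslauthd setup:", audit(NEW_SASL, NEW_SVN))
    # Constructed variant: keep PLAIN but raise min-encryption back to 128.
    print("PLAIN + 128:    ", audit(NEW_SASL, OLD_SVN))
```

The constructed third case shows why the saslauthd setup ends up at "min-encryption = 0": with only PLAIN offered, any higher value leaves no mechanism that can satisfy it.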
