Return-Path: X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5C10310125 for ; Tue, 4 Jun 2013 11:20:34 +0000 (UTC) Received: (qmail 50974 invoked by uid 500); 4 Jun 2013 11:20:33 -0000 Delivered-To: apmail-subversion-dev-archive@subversion.apache.org Received: (qmail 50929 invoked by uid 500); 4 Jun 2013 11:20:33 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 50913 invoked by uid 99); 4 Jun 2013 11:20:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 11:20:31 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lieven.govaerts@gmail.com designates 209.85.160.49 as permitted sender) Received: from [209.85.160.49] (HELO mail-pb0-f49.google.com) (209.85.160.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Jun 2013 11:20:27 +0000 Received: by mail-pb0-f49.google.com with SMTP id jt11so87363pbb.36 for ; Tue, 04 Jun 2013 04:20:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=JfSwHIDetvCnyHoipQUTA6KFiN6xykMeyEH5r/Guy58=; b=WKG7TF7Fm85OiDoOOuR04xZZlfsIlfh5d/kYK1p4cFSJSLlEFfeZko8VtY0UdrhwTq SEP9lfBKTZToxKs6+QiGvdBEYXpQHxIuTUFu3c5KhXNbQBCM7U/pstYkHvkMxO4APbZj TmBsCBN6bJtUlznrzG8sS0lz3yaY3M9P5fttXrmqInUtDQqtDVDR7WmH847wrX88mBGJ C1lj7J/hGPgaF/wZ0x9MJU6CwArxawa3Zc4WipeKSNGv+pxdw8gOsGDbrDEoSy8auEJl /C47EDk7TjOI/xuvW3E3hB8WsMBJWIZgSPxbFN5/NO0ijB7QPqm3FEZfM2tzG8zb0KQk 4Hlw== X-Received: by 10.68.247.131 with SMTP id ye3mr28174012pbc.87.1370344807008; Tue, 04 Jun 2013 04:20:07 -0700 (PDT) MIME-Version: 1.0 Sender: lieven.govaerts@gmail.com Received: by 10.70.37.70 with HTTP; Tue, 4 Jun 2013 04:19:46 -0700 (PDT) In-Reply-To: References: From: Lieven Govaerts Date: Tue, 4 Jun 2013 13:19:46 +0200 X-Google-Sender-Auth: gB0QqPXIsfcynZ_vCLU2vt2O2QE Message-ID: Subject: Re: Should missing smart card support not be added in the release notes? To: Ivan Zhakov Cc: Subversion Development Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Tue, Jun 4, 2013 at 12:55 PM, Ivan Zhakov wrote: > On Tue, Jun 4, 2013 at 2:51 PM, Lieven Govaerts wrote: >> Hi, >> >> >> see subject. Serf and ra_serf don't have smart card support at this >> moment, unlike neon. >> >> I'd expected this to be mentioned in the release notes for 1.8.0 as >> this is not new information (at least I hope so), but I can't find >> anything about it. >> > Serf doesn't support smart cards for SSL based authentication, but > SPNego (Kerberos/NTLM) smart authentication works fine. Ah, didn't know that. So you use your smart card to log in to Windows and/or to the domain, which then enables single sign-on to a Kerberos-enabled svn server right? In such a scenario, would you make the SSL layer additionally request a valid client certificate? Lieven