On Tue, Jun 4, 2013 at 3:19 PM, Lieven Govaerts <l...@apache.org> wrote: > On Tue, Jun 4, 2013 at 12:55 PM, Ivan Zhakov <i...@visualsvn.com> wrote: >> On Tue, Jun 4, 2013 at 2:51 PM, Lieven Govaerts <l...@apache.org> wrote: >>> Hi, >>> >>> >>> see subject. Serf and ra_serf don't have smart card support at this >>> moment, unlike neon. >>> >>> I'd expected this to be mentioned in the release notes for 1.8.0 as >>> this is not new information (at least I hope so), but I can't find >>> anything about it. >>> >> Serf doesn't support smart cards for SSL based authentication, but >> SPNego (Kerberos/NTLM) smart authentication works fine. > > Ah, didn't know that. So you use your smart card to log in to Windows > and/or to the domain, which then enables single sign-on to a > Kerberos-enabled svn server right? > I didn't try Kerberos-enabled server. I tested using Active Directory domain controller. Windows SSPI automatically uses credentials from smart card used to logon to Windows.
> In such a scenario, would you make the SSL layer additionally request > a valid client certificate? > This performed using different API. I believe that can be handled automatically by openssl when CAPI engine is enabled. -- Ivan Zhakov CTO | VisualSVN | http://www.visualsvn.com
