On Tue, Jun 4, 2013 at 3:56 PM, Lieven Govaerts <l...@apache.org> wrote: > On Tue, Jun 4, 2013 at 1:25 PM, Ivan Zhakov <i...@visualsvn.com> wrote: >> On Tue, Jun 4, 2013 at 3:19 PM, Lieven Govaerts <l...@apache.org> wrote: >>> On Tue, Jun 4, 2013 at 12:55 PM, Ivan Zhakov <i...@visualsvn.com> wrote: >>>> On Tue, Jun 4, 2013 at 2:51 PM, Lieven Govaerts <l...@apache.org> wrote: >>>>> Hi, >>>>> >>>>> >>>>> see subject. Serf and ra_serf don't have smart card support at this >>>>> moment, unlike neon. >>>>> >>>>> I'd expected this to be mentioned in the release notes for 1.8.0 as >>>>> this is not new information (at least I hope so), but I can't find >>>>> anything about it. >>>>> >>>> Serf doesn't support smart cards for SSL based authentication, but >>>> SPNego (Kerberos/NTLM) smart authentication works fine. >>> >>> Ah, didn't know that. So you use your smart card to log in to Windows >>> and/or to the domain, which then enables single sign-on to a >>> Kerberos-enabled svn server right? >>> >> I didn't try Kerberos-enabled server. I tested using Active Directory >> domain controller. Windows SSPI automatically uses credentials from >> smart card used to logon to Windows. >> >>> In such a scenario, would you make the SSL layer additionally request >>> a valid client certificate? >>> >> This performed using different API. I believe that can be handled >> automatically by openssl when CAPI engine is enabled. >> > > You are referring to a configuration where OpenSSL uses MS's CryptoAPI > to use the Windows certificate store. Yes.
-- Ivan Zhakov CTO | VisualSVN | http://www.visualsvn.com
