You are here

iFriend access to University central SVN repositories

Printer-friendly versionPrinter-friendly version

Accessing the University SVN service as an iFriend is documented on the Version Control Service web page of the Edinburgh Compute and Data Facility.

Some client side configuration may be required for this to work correctly. This document explains why this may be necessary and what may need to be configured.

iFriend access to the central SVN service works through Kerberos cross-realm trusts, specifically a trust between the FRIEND.INF.ED.AC.UK realm and INF.ED.AC.UK and another trust between INF.ED.AC.UK and EASE.ED.AC.UK (where the SVN service is located).

For a client principal authenticated in the FRIEND.INF.ED.AC.UK realm to use a service in EASE.ED.AC.UK, it may be necessary to configure kerberos libraries so that they know how to use the trust chain described above.

This involves making changes to the following configuration file:

  • /etc/krb5.conf (on Unix/Linux systems)
  • /Library/Preferences/edu.mit.Kerberos (on MacOS systems)
  • (Microsoft Windows instructions to follow)

If you do not have permission to edit /etc/krb5.conf, then you can set the KRB5_CONFIG environment variable to use an alternative file, e.g.:

export KRB5_CONFIG=/tmp/krb5.conf

The first change should be made to the [libdefaults] section of the file to add the following lines:

 dns_lookup_kdc = true
 dns_lookup_realm = true

These lines ensure that kerberos can firstly locate the realm in which the SVN service is located (it is hosted in the DNS domain of ecdf.ed.ac.uk, but uses EASE.ED.AC.UK) and also locate the authentication services for that realm.

Secondly, the following section should be added to the file:

[capaths]
 FRIEND.INF.ED.AC.UK = {
  EASE.ED.AC.UK = INF.ED.AC.UK
 }

This tells the kerberos libraries about the realm trust chain in place.

With this configuration it should be possible to use SVN as an iFriend with something like this:

$: kinit friend%friend.domain@FRIEND.INF.ED.AC.UK
friend%friend.domain@FRIEND.INF.ED.AC.UK's Password: 
$: svn co https://svn-kerberos.ecdf.ed.ac.uk/repo/inf/MyRepo
...
Last reviewed: 
09/05/2017

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic