hgssoauthentication /

Filename Size Date modified Message
53 B
1.3 KB
5.6 KB
Mercurial SSO Authentication

This mecurial extension allows you to use single sign-on authenticate with
web servers that use NTLM or kerberos authentication.

Either the kerberos or sspi (from pywin32) python packages have to be
available in your mecurial installation. 

I tested it with
    Windows client -> Windows Server (with mod_auth_sspi)    (works)
    Ubuntu client  -> Windows Server (with mod_auth_sspi)    (doesn't work)
    Windows client -> Ubuntu Server (with mod_auth_kerb)     (works)
    Ubuntu client  -> Ubuntu Server (with mod_auth_kerb)     (works)


To use this extension simply add it to your mercurial.ini like this:

Example Apache Configuration

    AuthName "My Login"
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain mydomain.com
    SSPIOfferBasic Off
    SSPIOmitDomain On
    SSPIUsernameCase lower
    Require valid-user

    AuthName "My Login"
    AuthType Kerberos
    Krb5Keytab /etc/apache2/http.keytab
    KrbMethodK5Passwd off
    KrbAuthRealms MYDOMAIN.COM
    KrbVerifyKDC on
    Require valid-user