Overview

Mercurial SSO Authentication

This mecurial extension allows you to use single sign-on authenticate with web servers that use NTLM or kerberos authentication.

Either the kerberos or sspi (from pywin32) python packages have to be available in your mecurial installation.

I tested it with

Windows client -> Windows Server (with mod_auth_sspi)    (works)
Ubuntu client  -> Windows Server (with mod_auth_sspi)    (doesn't work)
Windows client -> Ubuntu Server (with mod_auth_kerb)     (works)
Ubuntu client  -> Ubuntu Server (with mod_auth_kerb)     (works)

Installation

To use this extension simply add it to your mercurial.ini like this:

[extensions]
hgssoauthentication=c:\path\to\hgssoauthentication.py

Example Apache Configuration

mod_auth_sspi

AuthName "My Login"
SSPIAuth On
SSPIAuthoritative On
SSPIDomain mydomain.com
SSPIOfferBasic Off
SSPIOmitDomain On
SSPIUsernameCase lower
Require valid-user

mod_auth_kerb

AuthName "My Login"
AuthType Kerberos
Krb5Keytab /etc/apache2/http.keytab
KrbMethodK5Passwd off
KrbAuthRealms MYDOMAIN.COM
KrbVerifyKDC on
Require valid-user