Subversion is a powerful source code control repository, but getting it to authenticate using Windows users can be a mite tricky...
In this setup the aim is to have an Apache served repository allow author details to be recorded in the subversion repository (predominantly to allow you to find out who to blame) - so the setup will be simply to allow all users read access to the repository and ensure that domain authenticated users only are allowed to write to the repository.
First step is to install the Subversion repository and get it running with Apache; I find the CollabNet package really well put together (v 1.4.6 is what is used in this setup and can be obtained from http://downloads.open.collab.net/collabnet-subversion.html). The CollabNet install is very simple just be sure to choose Apache, and make sure the repository is working unauthenticated before moving on.
Once its all running you need to download the mod_auth_sspi Apache plug in, there are various builds available, but the one I have found to be reliable is the sourceforge project available from http://sourceforge.net/projects/mod-auth-sspi. You need to make sure you use the correct plug in version for the version of Apache, version 1.04 from the mod_auth_sspi-1.0.4-2.0.58.zip drop works with the v1.4.6 CollabNet package. From the downloaded zip copy the mod_auth_sspi.so file into the httpd\modules in the CollabNet install directory (default is c:\program files\CollabNet Subversion Server\httpd\modules). Then you need to edit the httpd.conf file in the CollabNet install directory http\conf (default c:\program files\CollabNet Subversion Server\httpd\conf):
Add
LoadModule sspi_auth_module modules/mod_auth_sspi.so
after the mod_auth.so load:
LoadModule auth_module modules/mod_auth.so
then add
LoadModule authz_svn_module modules/mod_authz_svn.so
after the mod_dav_svn.so load:
LoadModule dav_svn_module modules/mod_dav_svn.so
Finally add
# authentication
AuthName "Subversion Authentication"
AuthType SSPI SSPIAuth On
SSPIAuthoritative On
SSPIDomain DOMAIN.COMPANY.COM
SSPIOfferBasic On
SSPIOmitDomain On
SSPIUsernameCase upper
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
within the <Location> tag at the end of the file following the location defaults
DAV svn SVNParentPath C:/svn_repository
The settings are in the main self explanatory, AuthType SSPI is fairly obvious as are SSPIAuth and SSPIAuthoritative (turning it on). The SSPIDomain define the domain to authenticate against, and must be the full domain name. The SSPIOfferBasic, SSPIOmitDomain and SSPIUsernameCase settings ensure the user is correctly prompted for authentication when requesting an operation other than the basic read ones listed in LimitExcept.
There are ways to finely control access rights at all levels of the repository - but frankly I find the simplest configuration of recording the user who made the change rather than locking down easiest to manage in the long run.
After making the config changes restart the Apache server in the services.msc control panel plug in. If it starts then you have done everything and just need to make sure that authentication details are recorded when you make repository changes (if you are using TortoiseSVN don't try this test using the repository browser to create folders it just doesn't request the authentication!). If the service doesn't start then you have to start trial and error! My recommendation would be to add the config items piece by piece in the order listed above checking the Apache logs as you go. The authentication block is usually the tricky bit, again commenting out the salient bits (like SSPIDomain and LimitExcept) until the service starts.
Once you are at this point you can start additional configuration as required to more finely control access to the repository - however now is when I normally leave it...