[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Negotiate Authentication Broken with Subversion 1.3.0

From: Patrick Ryan <tigris_at_pryan.org>
Date: 2006-02-23 18:47:17 CET

Hello dev,

I thought I would ask here too since I haven't heard anything on the
users' list.

Is Negotiate authentication known to work with Subversion 1.3.0? Does
anyone have a sample Apache2 config or can tell me what's wrong with
mine?

Thanks,
Patrick

----- Forwarded message from Patrick Ryan <tigris@pryan.org> -----

From: Patrick Ryan <tigris@pryan.org>
Subject: Negotiate Authentication Broken with Subversion 1.3.0
Date: Wed, 22 Feb 2006 17:44:39 -0800
To: users@subversion.tigris.org

Hello,

I've got two servers both hosting repositories. I'm using Apache2
mod_auth_kerb to authenticate to an Active Directory server. When I
turn off kerberos password authentication to force the use of Negotiate
authentication, both Subversion and Firefox fail to authenticate, but IE
works with Negotiate authentication against the server. Both Subversion
and Firefox fail without even prompting for credentials.

The client is choosing kerberos password authentication, but when I
force Negotiate authentication, neither Subversion nor Firefox work. I
expect Firefox to break, but not Neon 0.25.4 that's included with
Subversion 1.3.0. The error message appears to be the same in either
case (401 in the Apache logs):

[pryan@svn sandbox]$ svn ci
svn: Commit failed (details follow):
svn: MKACTIVITY of '/svn/sandbox/!svn/act/16c1adf6-6b0d-0410-9322-c1268cc03508': authorization failed (http://pledge.my.realm)
svn: Your commit message was left in a temporary file:
svn: '/home/pryan/pledge/sandbox/svn-commit.tmp'
[pryan@svn sandbox]$

Apache2 mod_auth_kerb working config:

    AuthType Kerberos
    KrbAuthRealms MY.REALM
    Krb5Keytab keytab_file

Apache2 mod_auth_kerb broken config:

    AuthType Kerberos
    KrbAuthRealms MY.REALM
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    Krb5Keytab keytab_file

Server 1
--------
OS: Debian sid
Debian subversion 1.2.3dfsg1-3
Debian apache2 2.0.55-4
Debian libapache-mod-auth-kerb 4.996-5.0-rc6-3

Server 2
--------
OS: Red Hat Enterprise Linux WS 3u5
RHEL Apache2 httpd-2.0.46-46.ent
Subversion 1.3.0
mod_auth_kerb 5.0rc6

Client 1
--------
OS: Windows XP SP2
TortoiseSVN 1.3.1 (subversion 1.3.0 with neon 0.25.4)

Client 2
--------
The subversion client from server 2.

Any ideas what's wrong with my setup?

Thanks,
Patrick

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

----- End forwarded message -----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 23 18:47:49 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.