https, virtual host and Kerberos Negotiate

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2007-03-19 14:04:56 CET

Hello,

My Subversion server uses Apache2 with mod-auth-kerb 5.3 on Debian
GNU/Linux Sarge.
Everything works fine with HTTPS and Kerberos SPNEGO authentication as
far as the FQDN server name (srv12345.mydomain.com) is used on win32.

On Unix platform, the svn client (Linux 1.4.3 with neon 0.25.5) does
SPNEGO perfectly with both FQDN or server alias svn.mydomain.com

On win32 platform, the svn 1.4.3 client built with neon 0.25.5:
. authenticates properly with Kerberos Negotiate when accessing
https://server12345.mydomain.com/subversion/project/

. Kerberos Negotiate fails when accessing
https://svn.mydomain.com/subversion/project/
and the svn client falls back to basic authentication.

May you confirm it is a platform specific bug ?

Unix version does things right:
. first find the IP for the URL hostname
. then a reverse DNS call to get the FQDN of the server
. ask GSSAPI for a Kerberos token for the FQDN service HTTP/server12345.mydomain.com
. connect to Apache2 with the given URL and provide the FQDN token-based.

This logic should be ported on win32 too to make SPNEGO works perfectly.

Thank you in advance for your attention

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Mon Mar 19 14:05:25 2007

This message: [ Message body ]
Next message: Laxmilal Menaria: "Subversion on Another machine not working"
Previous message: Matt Sickler: "Re: lock problem"
Next in thread: Colleen Dick: "Svn 1.4 on slackware"
Reply: Colleen Dick: "Svn 1.4 on slackware"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]