[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Proxy authentication with Negotiate uses wrong host

From: <1983-01-06_at_gmx.net>
Date: Wed, 24 Aug 2011 09:26:19 +0200

> Betreff: Re: Proxy authentication with Negotiate uses wrong host
> > Digging deeper into that file shows that Negotiate auth for servers
> > (not proxy servers) is done only when the server is servered with
> > HTTPS [2].
>
> Having taken a brief glance it looks as if you can override this
> via the http-auth-types option in ~/.subversion/servers.
> Have you tried that?

Yes, I did that already. Set to negotiate;basic. No avail.
For some strange reason it simply ignores the setup. Should I try any specific neon debug mask?
 
> > I took a look back at neon_auth.h (define
> > NE_AUTH_NEGOTIATE) [3] and it constantly says that Digest and
> > Negotiate are unsecure and require a secure connection which is
> > complete non-sense. Kerberos was designed to provide security in
> > unsecure networks. This is definitively wrong documentation.
>
> Not sure if this documentation is generally wrong.
> It can depend on what kinds of assumptions people make about security.
> Please verify this question with the neon devs.

I'll do but why is Negotiate auth activated in session.c if the target host is ssy only? This should be on the user to decide not subversion.

Mike

-- 
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
Jetzt informieren: http://www.gmx.net/de/go/freephone
-- 
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
Jetzt informieren: http://www.gmx.net/de/go/freephone
Received on 2011-08-24 09:27:33 CEST

This is an archived mail posted to the Subversion Users mailing list.