[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN 1.8 Kerberos Client problems

From: Nicolai Scheer <nicolai.scheer_at_gmail.com>
Date: Tue, 8 Jul 2014 15:57:44 +0200

Hi,

I did an update to svn 1.8.9 on our server yesterday and am now
running into problems whilst updating the corresponding windows
client.

Server details:

CentOS 6.5 x64
SVN 1.8.9, compiled on my own
Apache 2.2.15
Authentication using mod_auth_kerb to windows domain

Client:
Windows Server 2008
TSVN 1.7.13

Everything ran fine so far. I then upgraded to TSVN 1.8.7 which ships
with svn 1.8.9 binaries.
Now, on every repository involving action I get kerberos errors in my
apache log:

[Tue Jul 08 15:08:10 2014] [error] [client 192.168.1.152]
gss_accept_sec_context() failed: No credentials were supplied, or the
credentials were unavailable or inaccessible (, Unknown error)

Strange thing is, TSVN works fine from a user perspective (no error
displayed whatsoever...). I then tried to use the svn command line
binaries, same result, evrythings works, but apache error log is DOSed
with these error entries.

I tried to either "prefer" or deny BulkUpdates on the server, nothing changes.

Since subversion 1.8 comes with serf, it might have do to with the way
serf handles kerberos.
From the linux cmd (on the svn server itself), I can use kerberos
(kinit + svn command afterwards) just fine, without any errors popping
up in the apache log.

Our browsers (IE, Chrome, FF) worked fine all the time using kerberos,
before and after upgrading svn on the server.

TSVN 1.7.13 works as well, so do the svn binaries shipped this version.

I'm quite stuck, because I do not know where to start. To my mind
kerberos is set up correctly because all clients work, except svn 1.8

I thought I could solve the problem by falling back to BulkUpdate, but
it does not seem to help.

Any suggestions are appreciated!

Greetings

Nico

PS:

svn apache config :

SVNInMemoryCacheSize 131072
SVNCacheTextDeltas On
SVNCacheFullTexts On
SVNCompressionLevel 6
SVNCacheRevProps On
<Location /repos>
    SSLRequireSSL
    DAV svn

    SVNListParentPath On
    SVNParentPath /var/local/svn/repos

    # Kerberos authentification
    AuthType Kerberos
    AuthName "Realm"
    KrbServiceName HTTP
    KrbLocalUserMapping on
    KrbAuthRealms REALM.INTERN
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    Krb5KeyTab /etc/httpd/kerberos/keytab
    KrbVerifyKDC on

    require valid-user

    AuthzSVNAccessFile /var/local/svn/auth/svn_authz
    SVNPathAuthz short_circuit
</Location>
Received on 2014-07-08 15:58:16 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.