[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

GSSAPI and subversion - buildcheck unhappy about neon-0.25, mod_authz_svn, + svnserve

From: Simon Spero <ses_at_unc.edu>
Date: 2004-11-29 23:18:48 CET

1) neon 0.25 fixes some nasty bugs in their handling of GSSAPI web
authentication. I hacked buildcheck locally, and things build and run
fine.

2) There's a performance leak in mod_authz_svn that only really matters
when you're using a relatively expensive www-authentication scheme
(like Negotiate with GSSAPI). Because it uses a different config
object for each directory, even if the contents of the config might be
identical, mod_authz_svn defeats apache's internal auth caching.

This means that apache ends up redoing the GSSAPI authentication many
times for a single request. The correct place to fix this may well be
apache, but it might be possible to tune the svn module too.

3) Is there a specific reason why subversion doesn't use the cyrus sasl
libs? Also, if I refactored the code in libsvn_ra_svn so that all read
and write access were to go through an extra layer of indirection, so
that encryption via a sasl security layer could be negotiated, would
anything not in that module be able to see the difference?

4) I'm starting to feel the urge to see if it's possible to write an
automatic utility to convert apache2 and its libs and offspring to
objective-C. Old School knows why this would be so appropriate.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 29 23:20:52 2004

This is an archived mail posted to the Subversion Dev mailing list.