[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Support for HTTP Negotiate authentication

From: Ray Miller <ray_at_sysdev.oucs.ox.ac.uk>
Date: 2005-10-30 14:16:29 CET

I have been looking into support for HTTP Negotiate authentication for
WebDAV access to Subversion repositories. In theory, this should be
fairly straightforward, as mod_auth_kerb
<http://modauthkerb.sourceforge.net/> takes care of the Apache side of
things and neon supports the Negotiate authentication method.

Unfortunately, initial tests indicate that this is not working properly
in neon 0.24.7; setting neon-debug-mask = 8 reveals:

    ah_create, for WWW-Authenticate
    Not handling session.
    ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate
    Got challenge with code 401.
    Got new auth challenge: Negotiate
    New challenge for scheme [Negotiate]
    GSSAPI scheme.
    Finished parsing parameters.
    Looking for GSSAPI.
    gss_init_sec_context failed.

A standalone test with neon 0.24.7 exhibits the same problem but works
with neon 0.25.4.

Are there any plans to update Subversion to the neon 0.25 API? Has
someone already done this, or would you welcome a patch against
libsvn_ra_dav?

This issue might be related:
<http://subversion.tigris.org/issues/show_bug.cgi?id=1844>. It implies
that Serge Gotvansky has built subversion against neon 0.25.2:
<http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=102592>;
is that patch available?

-- 
Ray Miller, Systems Development & Support Section Manager
Computing Services, University of Oxford

Received on Sun Oct 30 15:53:59 2005

This is an archived mail posted to the Subversion Dev mailing list.