[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [neon] excessive data transfer with SSPI

From: Joe Orton <joe_at_manyfish.co.uk>
Date: 2006-01-11 21:36:59 CET

Hi Stefan,

On Wed, Jan 11, 2006 at 08:16:52PM +0100, Stefan Küng wrote:
> With my latest patch to the SSPI feature in neon, the authentication now
> works, whether the user is part of a domain or not.
> But there's one more problem we (TSVN users) discovered with it:
> adding or checking out big compressed files leads to excessive data
> transfers. Some examples:
> 14.585MB wmv file added with SSPI authentication ==> data transferred:
> 278.362MB!
> The same file added (and committed) with basic authentication only
> transferred 12.88MB data!

Can you capture neon debug logs or ethereal traces and make them
available to me? (preferably with a small file being committed to
illustrate the problem)

If the server requires authentication only for PUT requests, then it
might be expected that some of the request bodies have to be resent
after authentication, when checking in. I can't think why checking
*out* would lead to problems of the same magnitude, though.

Trying to do GSSAPI-style authentication over HTTP is really inherently
flawed since GSSAPI provides connection authentication whereas HTTP
authentication is per-request. Some implementations of the server side
(mod_auth_sspi in this case) will require the client to reauthenticate
at every request, for this reason. Enabling KeepAlive in the httpd
configuration may work around that.



To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 11 21:38:32 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.