[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn co problems

From: D.J. Heap <djheap_at_gmail.com>
Date: 2006-09-16 15:28:04 CEST

On 9/13/06, D.J. Heap <djheap@gmail.com> wrote:
[snip]
>
> 1.4.0 was built with a newer neon (0.26.1), but I don't know if SSPI
> support changed significantly in the new version. It looks like it
> has to be explicitly enabled outside of the normal Subversion build
> process and I doubt Brane did that with the 1.3.x releases, but I've
> asked him about it so hopefully he can comment if he's not too busy.
> I know the TSVN guys have played with SSPI quite a bit and disabled it
> (at least they did for a while) due to Guest account issues or
> something like that.
>

I believe I have narrowed the issue down to a change in neon 0.26 --
by default it no longer supports SSPI/Neogiate authentication over
http, only https. This change appears to be due to the potential
danger of doing SSPI/Negotiate over http -- from the neon comments:

/* NE_AUTH_NEGOTIATE: Negotiate uses GSSAPI/SSPI to authenticate the
 * user; an active attacker can modify any of the request/response at
 * will, so this must not be used over an unsecured channel. */

So, you can either use https or use binaries built with neon 0.25.5 or
wait for a Subversion release that allows authentication types to be
configurable (for which I've posted a patch that will hopefully be
committed soon).

DJ

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Sep 16 15:28:16 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.