Re: On backporting r21531 to 1.4.x.

From: Daniel Rall <dlr_at_collab.net>
Date: 2006-10-09 22:32:19 CEST

Stefan, thank you for the *excellent*, detailed explanation of all the
various behaviors. :-)

On Mon, 09 Oct 2006, Stefan Küng wrote:
...
> So my suggestion would be:
> * Subversion tells neon to authenticate with SSPI
> * SSPI authentication succeeds
> * Subversion tries to access the repository, but gets an authorization
> failure
> * Subversion retries the authentication, but this time tells neon to not
> use SSPI
> * neon uses basic authentication, which makes it ask Subversion for
> username/password

With this strategy, GSSAPI/SSPI authentication could successfully
authenticate you as the *wrong user* (since you're not explicitly
providing it with credentials).

If authorization doesn't fail, you could end up making commits under
an inappropriate user ID.

> With my suggestion, the config option in the servers file would be
> obsolete because Subversion would automatically retry without SSPI.
> But of course, this only works with neon 0.26.x and not with neon 0.25.
> And it requires using the new API of neon.

Will specifying --username/--password on the command-line (or
equivalent via the APIs) be enough to override the credentials
inferred by GSSAPI/SSPI auth? I'm not certain that it is...

application/pgp-signature attachment: stored

Received on Mon Oct 9 22:33:45 2006

This message: [ Message body ]
Next message: Joseph Galbraith: "Re: On backporting r21531 to 1.4.x."
Previous message: Mark Phippard: "Re: On backporting r21531 to 1.4.x."
In reply to: Stefan KÃ¼ng: "Re: On backporting r21531 to 1.4.x."
Next in thread: Stefan Küng: "Re: On backporting r21531 to 1.4.x."
Reply: Stefan Küng: "Re: On backporting r21531 to 1.4.x."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]