Stefan, thank you for the *excellent*, detailed explanation of all the
various behaviors. :-)
On Mon, 09 Oct 2006, Stefan Küng wrote:
> So my suggestion would be:
> * Subversion tells neon to authenticate with SSPI
> * SSPI authentication succeeds
> * Subversion tries to access the repository, but gets an authorization
> * Subversion retries the authentication, but this time tells neon to not
> use SSPI
> * neon uses basic authentication, which makes it ask Subversion for
With this strategy, GSSAPI/SSPI authentication could successfully
authenticate you as the *wrong user* (since you're not explicitly
providing it with credentials).
If authorization doesn't fail, you could end up making commits under
an inappropriate user ID.
> With my suggestion, the config option in the servers file would be
> obsolete because Subversion would automatically retry without SSPI.
> But of course, this only works with neon 0.26.x and not with neon 0.25.
> And it requires using the new API of neon.
Will specifying --username/--password on the command-line (or
equivalent via the APIs) be enough to override the credentials
inferred by GSSAPI/SSPI auth? I'm not certain that it is...
Received on Mon Oct 9 22:33:45 2006