[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: On backporting r21531 to 1.4.x.

From: Daniel Rall <dlr_at_collab.net>
Date: 2006-10-09 22:32:19 CEST

Stefan, thank you for the *excellent*, detailed explanation of all the
various behaviors. :-)

On Mon, 09 Oct 2006, Stefan KŁng wrote:
...
> So my suggestion would be:
> * Subversion tells neon to authenticate with SSPI
> * SSPI authentication succeeds
> * Subversion tries to access the repository, but gets an authorization
> failure
> * Subversion retries the authentication, but this time tells neon to not
> use SSPI
> * neon uses basic authentication, which makes it ask Subversion for
> username/password

With this strategy, GSSAPI/SSPI authentication could successfully
authenticate you as the *wrong user* (since you're not explicitly
providing it with credentials).

If authorization doesn't fail, you could end up making commits under
an inappropriate user ID.

> With my suggestion, the config option in the servers file would be
> obsolete because Subversion would automatically retry without SSPI.
> But of course, this only works with neon 0.26.x and not with neon 0.25.
> And it requires using the new API of neon.

Will specifying --username/--password on the command-line (or
equivalent via the APIs) be enough to override the credentials
inferred by GSSAPI/SSPI auth? I'm not certain that it is...

  • application/pgp-signature attachment: stored
Received on Mon Oct 9 22:33:45 2006

This is an archived mail posted to the Subversion Dev mailing list.