On Wed, Oct 11, 2006 at 06:53:17PM +0300, Vlad Georgescu wrote:
> On 10/11/06, Malcolm Rowe <email@example.com> wrote:
> >$ basic_tests.py --url=svn://localhost:3691 1
> >../svn-trunk/subversion/libsvn_ra_svn/sasl_auth.c:339: (apr_err=170001)
> >svn: SASL(-4): no mechanism available: No worthy mechs found
> >FAIL: basic_tests.py 1: basic checkout of a wc
> You shouldn't have to configure anything. A SASL-enabled svn is
> supposed to be backward compatible with old servers _if_ the ANONYMOUS
> and CRAM-MD5 plugins are installed on the system. (SASL mechanisms are
> implemented as plugins which are dynamically loaded at runtime by the
> main sasl lib). In your case, it's probably caused by a missing
> ANONYMOUS plugin (there should be a libanonymous.so in
Ah, that'll be it. I have no libanonymous.so, and unfortunately my
distro in this case (Slackware) doesn't seem to provide it at all.
I'll ask why not - there could be a good reason, I guess - but it would
also be nice if we didn't just fall in a heap in this case.
> >[Incidentally, I presume that these are done on a per-service basis or
> >similar? We're not going to ship in a mode that suddenly allows every
> >valid account in /etc/passwd to commit to a repository, are we?]
> Yes, configuring the range of allowed mechanisms and the
> password-checking method is done in a configuration file specific to
> Subversion (usually /usr/lib/sasl2/subversion.conf).
So if I wasn't authenticating via the SASL2 anonymous plugin (which I
guess then ends up at our internal anonymous or cram-md5 auth?), I would
have to create a system-wide config file before I could use any of the
other SASL mechanisms?
> >Can we not fall back to the previous authentication mechanism if SASL
> >doesn't have any matching authentication mechanisms?
> I think it's simpler to just require users to have those plugins
> installed than to complicate the SASL implementation.
I'm not sure I agree, but I'll see if I can find out why Slackware
doesn't ship with that plugin.
Received on Wed Oct 11 18:19:03 2006
- application/pgp-signature attachment: stored