[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: On backporting r21531 to 1.4.x.

From: D.J. Heap <djheap_at_gmail.com>
Date: 2006-10-12 15:42:16 CEST

On 10/10/06, Branko ╚ibej <brane@xbc.nu> wrote:
> Stefan KŘng wrote:
> > default is SSPI disabled:
> > * users can't connect to their repositories, because they have a proxy
> > in between which requires SSPI authentication.
>
> So what happens in the following case:
>
> * there's a proxy between the user and the repo that requires SSPI auth
> * using SSPI with the repo server results in the wrong user ID being
> used
>
> now if we disable SSPI in the second attempt ... won't the proxy
> authentication fail then?
>
> -- Brane
>

Neon 0.26.1 also allows the same new auth API's for proxies, so we
should probably add config options for http_proxy_auth, and maybe we
could do something here as well. But I'm not sure trying to handle
these 'authn works, authz fails' situations dynamically is going to be
practical. Does anyone know of some other app (browser or something)
that handles these kinds of problems well?

It seems to me that if you are using automatic-authn methods and want
to use a different user, then you need to use RunAs or 'su' or
whatever to temporarily tell the OS to switch your user credentials,
don't you? Isn't that the normal way to deal with different users in
automatic-authn environments?

DJ
Received on Thu Oct 12 15:42:44 2006

This is an archived mail posted to the Subversion Dev mailing list.