[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

https, virtual host and Kerberos Negotiate

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2007-03-19 11:40:18 CET

  Hello,

My Subversion server uses Apache2 with mod-auth-kerb 5.3 on Debian
GNU/Linux Sarge.
Everything works fine with HTTPS and Kerberos SPNEGO authentication as
far as the FQDN server name (srv12345.mydomain.com) is used on win32.

On Unix platform, the svn client (Linux 1.4.3 with neon 0.25.5) does
SPNEGO perfectly with both FQDN or server alias svn.mydomain.com

On win32 platform, the svn 1.4.3 client built with neon 0.25.5:
 . authenticates properly with Kerberos Negotiate when accessing
   https://server12345.mydomain.com/subversion/project/

 . Kerberos Negotiate fails when accessing
   https://svn.mydomain.com/subversion/project/
   and the svn client falls back to basic authentication.

I think this is a platform specific bug.
Unix version does things right:
. first find the IP for the URL hostname
. then a reverse DNS call to get the FQDN of the server
. connect with the FQDN

This logic should be ported on win32 too.

Thank you in advance for your attention

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Mar 22 23:33:22 2007

This is an archived mail posted to the Subversion Dev mailing list.