[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: DIGEST-MD5 not working with svnserve/SASL

From: David Glasser <glasser_at_davidglasser.net>
Date: Thu, 1 May 2008 12:58:21 -0700

On Thu, May 1, 2008 at 12:31 PM, David Glasser <glasser_at_davidglasser.net> wrote:
> On Thu, May 1, 2008 at 12:06 PM, Mark Phippard <markphip_at_gmail.com> wrote:
> > On Thu, May 1, 2008 at 2:54 PM, Eric Gillespie <epg_at_pretzelnet.org> wrote:
> > > "Mark Phippard" <markphip_at_gmail.com> writes:
> > >
> > >
> > > > > May 1 10:50:06 svnfe-test svnserve[1696]: encoded packet size too big (809115648 > 4096)
> > > >
> > > > How did you get that? The new trunk logging?
> > >
> > > No, Cyrus sasl uses syslog on linux, so you'll find that even
> > > without the new logging.
> >
> > OK, thanks. I see it on OSX too, with same error message you saw:
> >
> > May 1 15:04:50 : encoded packet size too big (809115648 > 4096)
> >
> >
> > > > I am not sure why CRAM-MD5 does not have the same problem. Possibly
> > > > because it winds up using pre-SASL code or something?
> > >
> > > No, since we use SASL to hook into our custom user database, we
> > > are certain that we're not bypasing SASL.
> >
> > Well I meant after the authentication maybe DIGEST and CRAM are
> > different. For example, the docs seemed to imply the encryption only
> > kicks in for DIGEST.
>
> You are correct that this is the difference. The client was sending
> an empty string response (encoded as "0: ") when the SASL conversation
> should have been finished. This confused the server, which assumed
> everything coming next was encoded specially (encrypted?).
>
> See r30896; tell me if it fixes things for you (and doesn't break
> other auth versions, etc).

That broke CRAM-MD5. r30905 should make everything happy.

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-01 21:58:34 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.