Philip Martin wrote:
> >>>
> >>> Have you tried with "mech_list: gssapi" so that the client has no choice?
> >>
> >> Yes, in fact I wrote about it in the original post. I repeat:
> >>
> >> If I disable the digest-md5 mech on the server, like
> >> (mech_list: gssapi anonymous), I get:
> >
> > I'm not a SASL expert, what does anonymous do? Does that give the
> > client a choice? Can you use "mech_list: gssapi"?
>
> One other thing is there is a note in
> http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt that
> states that setting the client's max-encryption to more than 56 will
> prevent GSSAPI working. I don't know whether that is still true or
> out-of-date, or why this should suddenly be an issue when going from 1.6
> to 1.7.
min-encryption and max-encryption are server-side settings, and the
issue is more probably in the client.
Yes, I tried specifying min-encryption = 0; max-encryption = 56 on the
server side (in conf/svnserve.conf) but it makes no difference. It's
the client that does not even try to contact the KDC for a service
ticket.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov_at_sibptus.tomsk.ru
Received on 2011-12-07 12:22:40 CET