[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: GSSAPI auth stopped working after upgrade

From: Victor Sudakov <sudakov_at_sibptus.tomsk.ru>
Date: Wed, 7 Dec 2011 18:22:03 +0700

Philip Martin wrote:
> >>>
> >>> Have you tried with "mech_list: gssapi" so that the client has no choice?
> >>
> >> Yes, in fact I wrote about it in the original post. I repeat:
> >>
> >> If I disable the digest-md5 mech on the server, like
> >> (mech_list: gssapi anonymous), I get:
> >
> > I'm not a SASL expert, what does anonymous do? Does that give the
> > client a choice? Can you use "mech_list: gssapi"?
>
> One other thing is there is a note in
> http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt that
> states that setting the client's max-encryption to more than 56 will
> prevent GSSAPI working. I don't know whether that is still true or
> out-of-date, or why this should suddenly be an issue when going from 1.6
> to 1.7.

min-encryption and max-encryption are server-side settings, and the
issue is more probably in the client.

Yes, I tried specifying min-encryption = 0; max-encryption = 56 on the
server side (in conf/svnserve.conf) but it makes no difference. It's
the client that does not even try to contact the KDC for a service
ticket.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov_at_sibptus.tomsk.ru
Received on 2011-12-07 12:22:40 CET

This is an archived mail posted to the Subversion Dev mailing list.