[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Force windows client to use certain authentication

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Fri, 26 Sep 2014 16:35:45 +0200

On 26.09.2014 09:44, Pauli Sundberg wrote:
> Hi all.
>
> The background of the problem is that we have visual-svn server
> running (somewhere) and it is painfully slow to use with windows.
> With linux the server works fast. We are speaking 90sec vs 3sec in
> 'svn up'. I did some package capture with wireshark and i see that
> windows client is doing lots of LDAP queries and waiting for
> responses. The visual svn server also provides browser interface, and
> that also works fine (with windows). I know that the proper answer is
> that "fix your server/domain" but unfortunately its not my call.

But you could ask others to fix the domain?

> So, i would like to make my life bearable by forcing my windows svn
> client to use http-basic authentication (to skip windows domain
> authentication that i think is causing slow performance). And based
> on manual i think would need to set "http-auth-types" = "basic".
>
> I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers
> setting "http-auth-types" and i was able to get error by setting it
> to "FOO" (so its proper file and its red ok). Setting it to "basic"
> seems to have no effect; the same (slow) authentication cycle
> continues.

No, it can't have an effect: domain authentication is done by ssl way
before svn even gets asked about authentication,

> I tried also configuration line option
> --config-option=servers:global:http-auth-types=FOO - it gives error
> on linux but works fine on windows, without effect (dont know why!).
>
> I am running "svn, version 1.8.8 (r1568071), compiled Feb 18 2014,
> 20:42:30 on x86-microsoft-windows" and the schema is HTTPS that is
> handled by "ra_serf".
>
> Any suggestions what i am doing wrong?

the domain authentication is done by the ssl library, not svn. So you
can't disable that.
Such a slowdown as you described usually only happens if the user GUEST
is active on your computer and/or the domain. If that user is active on
a domain, that's never a good idea and only causes security risks - in a
normal setup, that user is never used and therefore should be
disabled/removed.

The slowdown happens because domain authentication is per definition
always done using the credentials with the least privileges. So if the
user GUEST is active, every net request is first tried with that user.
Of course, that user does not have access to your repository so an error
is returned, which then causes the domain auth to try the next user (the
one you're logged in with).

Also, TortoiseSVN has the eCapi module enabled in OpenSSL. It shouldn't
cause such slowdowns but since I don't know your exact setup I can't be
sure. To disable that, create the DWORD registry value
HKCU\Software\TortoiseSVN\OpenSSLCapi and set it to zero.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3089083
To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-09-26 16:35:51 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.