[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SSPI working via Firefox, not working via TortoiseSVN ?

From: Steven <steven.becke_at_gmail.com>
Date: Thu, 22 Jan 2009 13:12:30 -0800 (PST)

I'm having a difficult time getting SSPI to work with TortoiseSVN. I'm
not
sure if the fault lies with TortoiseSVN, or my server configuration -
since
SSPI access is working via Firefox I lean towards it being
Tortoise...?

I'm using Apache as my server (https) with mod_auth_sspi.so running &
it's on a
Win2003 box. My client box is win xp running TortoiseSVN 1.5.6 (Build
14908 - 32
 Bit , 2008/12/20 11:51:04)

As I mentioned it works from Firefox with no problem - automatically
logging me
me in without prompt. If I remove SVNSERVER from Firefox's list of
trusted sites, Firefox prompts me for credentials which it accepts -
ie, Firefox
is behaving just as you would expect if SSPI is working / configured
correctly.

TortoiseSVN however fails with a 401 Authorization Required error when
I try
access the same repo via the Tortoise's repo browser.

I get the following log entries in Apache for the Firefox read
attempts vs
TortoiseSVN:

In Firefox, entered url: https://SVNSERVER:8443/sspi/my_repo
SSPI worked. Firefox showed root folder of repo without prompting for
password.

[Thu Jan 22 11:06:16 2009] [info] [client 192.168.1.100] Connection to
child 0 established (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:06:16 2009] [info] Initial (No.1) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.2) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.2) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] [client 192.168.1.100] Access
granted: 'my_username' GET my_repo:/
[Thu Jan 22 11:06:16 2009] [info] [client 192.168.1.100] Connection to
child 1 established (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:06:16 2009] [info] Initial (No.1) HTTPS request
received for child 1 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.3) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.2) HTTPS request
received for child 1 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.4) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [info] Subsequent (No.3) HTTPS request
received for child 1 (server SVNSERVER:8443)
[Thu Jan 22 11:06:16 2009] [error] [client 192.168.1.100] File does
not exist: C:/Program Files/SVN Server/htdocs/favicon.ico
[Thu Jan 22 11:06:19 2009] [info] Subsequent (No.5) HTTPS request
received for child 0 (server SVNSERVER:8443)
[Thu Jan 22 11:06:19 2009] [error] [client 192.168.1.100] File does
not exist: C:/Program Files/SVN Server/htdocs/favicon.ico
[Thu Jan 22 11:06:22 2009] [info] [client 192.168.1.100] (OS 10060)A
connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed
because connected host has failed to respond. : SSL input filter read
failed.
[Thu Jan 22 11:06:22 2009] [info] [client 192.168.1.100] Connection
closed to child 1 with standard shutdown (server SVNSERVER:8443)
[Thu Jan 22 11:06:25 2009] [info] [client 192.168.1.100] (OS 10060)A
connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed
because connected host has failed to respond. : SSL input filter read
failed.
[Thu Jan 22 11:06:25 2009] [info] [client 192.168.1.100] Connection
closed to child 0 with standard shutdown (server SVNSERVER:8443)

In TortoiseSVN repo browser entered url: https://SVNSERVER:8443/sspi/my_repo
fails with error message: Server sent unexpected return value (401
Authorization Required) in response to PROPFIND request for 'sspi/
my_repo'

[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Connection to
child 2 established (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:09:29 2009] [info] Initial (No.1) HTTPS request
received for child 2 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.2) HTTPS request
received for child 2 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.2) HTTPS request
received for child 2 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Access
granted: 'my_username' OPTIONS my_repo:/
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.3) HTTPS request
received for child 2 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [error] [client 192.168.1.100] (OS 87)The
parameter is incorrect. : authentication failure for "/sspi/my_repo":
user unknown, reason: cannot generate context
[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Connection to
child 3 established (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:09:29 2009] [info] Initial (No.1) HTTPS request
received for child 3 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.2) HTTPS request
received for child 3 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.2) HTTPS request
received for child 3 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Access
granted: 'my_username' OPTIONS my_repo:/
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.3) HTTPS request
received for child 3 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [error] [client 192.168.1.100] (OS 87)The
parameter is incorrect. : authentication failure for "/sspi/my_repo":
user unknown, reason: cannot generate context
[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Connection to
child 4 established (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:09:29 2009] [info] Initial (No.1) HTTPS request
received for child 4 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Subsequent (No.2) HTTPS request
received for child 4 (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] [client 192.168.1.100] Connection to
child 5 established (server SVNSERVER:8443)
[Thu Jan 22 11:09:29 2009] [info] Seeding PRNG with 144 bytes of
entropy
[Thu Jan 22 11:09:30 2009] [info] Initial (No.1) HTTPS request
received for child 5 (server SVNSERVER:8443)
[Thu Jan 22 11:09:30 2009] [info] Subsequent (No.2) HTTPS request
received for child 5 (server SVNSERVER:8443)
[Thu Jan 22 11:09:30 2009] [info] [client 192.168.1.100] Connection
closed to child 5 with standard shutdown (server SVNSERVER:8443)
[Thu Jan 22 11:09:30 2009] [info] [client 192.168.1.100] Connection
closed to child 4 with standard shutdown (server SVNSERVER:8443)
[Thu Jan 22 11:09:30 2009] [info] [client 192.168.1.100] Connection
closed to child 3 with standard shutdown (server SVNSERVER:8443)
[Thu Jan 22 11:09:30 2009] [info] [client 192.168.1.100] Connection
closed to child 2 with standard shutdown (server SVNSERVER:8443)

I have the following settings in Apache for my repo

<Location /sspi/>
  DAV svn

  SVNListParentPath on
  SVNParentPath "D:/Repositories/"
  SVNIndexXSLT "/svnindex.xsl"
  SVNPathAuthz on
  AuthzSVNAccessFile "D:/Repositories/authz"

  AuthName "SSPI SVN"
  AuthType SSPI

  SSPIAuth on
  SSPIAuthoritative on
  SSPIDomain MY_DOMAIN
  SSPIOmitDomain on
  SSPIUsernameCase lower
  SSPIPerRequestAuth on
  SSPIOfferBasic off

  require valid-user
</Location>

Any idea whether this is an issue with Tortoise, a configuration
error, or how to further deub would be greatly appreciated

Steven

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=1043571

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-01-22 22:25:54 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.