
Tortoise authentications with HTTPS + Kerberos

From: Keiran Sweet <keiran_at_gmail.com>
Date: Fri, 24 Feb 2012 06:34:38 -0800 (PST)

Hi There,
Over the last few months we have encountered quite a major issue with TortoiseSVN and Kerberos when accessing our Subversion repositories via HTTPS.

The main problem we have is that for a period of time (months) all will be fine on the client side, then suddenly the Tortoise client fails to authenticate via Krb5, and as such any Subversion functionality fails. This happens sporadically across our clients, with some remaining fine, and others never to function again via HTTPS/KRB5.

On the client side, we get the following error messages:

Error: PROPFIND of '/svn/path/is/here/': authorization failed: Could
Error: not authenticate to server: could not parse challenge (https://bitbucket.domain.tld)

On the server side, we are running the following:
* 64-Bit RHEL 5.7 + Apache/2.2.3 + Mod_ssl + Kerberos 5 + LDAP
* The KDC and LDAP servers in this case are Microsoft Active Directory and function fine for all other purposes (Linux auth, Apache access control, etc). No issues are expected here, and some clients continue to function fine.

An example configuration snippet is below from Apache for your reference:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn/infra>
   DAV svn
   SVNPath /opt/svn/infra

   SSLRequireSSL

   AuthType Kerberos
   AuthName "Kerberos Login - Infrastructure"
   KrbMethodNegotiate On
   KrbMethodK5Passwd Off
   KrbAuthRealms DOMAINNAME.TLD
   Krb5KeyTab /etc/httpd/conf/keytab

   AuthLDAPBindDN 'FULL DN FOR BINDING'
   AuthLDAPBindPassword PASSWORD
   AuthLDAPUrl "ldap://LDAP URI STRING" NONE

   #### Permitted Users/Groups
   require ldap-group CN=sec_lnx_admins

</Location>

In regards to further diagnosis, I have found the following:
* I've continued to use the standard svn Linux client using HTTPS + Kerberos against the same repository and it hasn't missed a beat.
* I've asked the users to upgrade to the latest versions of Tortoise and can confirm that the below versions exhibit this issue:

TortoiseSVN 1.6.16, Build 21511 - 32 Bit , 2011/06/01 19:00:35
Subversion 1.6.17,
apr 1.3.12
apr-utils 1.3.12
neon 0.29.6
OpenSSL 1.0.0d 8 Feb 2011
zlib 1.2.5

TortoiseSVN 1.7.5, Build 22551 - 32 Bit , 2012/02/13 17:36:15
Subversion 1.7.3,
apr 1.4.5
apr-utils 1.3.12
neon 0.29.6
OpenSSL 1.0.0e 6 Sep 2011
zlib 1.2.5

The client OS is both Windows XP and Windows 7.

As a workaround, I am able to move the clients to an SSH+SVN configuration, which, although it works, isn't really how I want it to function.

I've had a look through the archived lists and forums and have found other users having the same issue; however, the root cause never seems to be found.

Example:
* http://groups.google.com/group/tortoisesvn/browse_thread/thread/6f5a9cb9c614969f

Has anyone else encountered this issue, or have any advice on how I can progress with diagnosing this issue?

All the best,

K

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2926297

Received on 2012-02-24 16:08:32 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.
