RE: anonymous svn checkout fails in 1.9.4

Thanks for the reply, Stefan. It took a while to gather some details. The repository server is using svn version 1.6.18. It is using basic authentication with its own password file. Below is the svn.authz file, and the directory in that we are trying to access anonymously using http is the branches/v5.3 directory.

Again, I've tried several operating systems and versions of tortoise on the client end. The server is the same across the experiment. The challenge for authentication happens for tortoise 1.9.x.

____________________________________________________________________

[/]
$authenticated = rw

[/tags]
$anonymous = r

[/branches/v5.3]
$anonymous = r

-----Original Message-----
From: Stefan Küng [mailto:tortoisesvn_at_gmail.com]
Sent: Friday, June 17, 2016 11:57 PM
To: users_at_tortoisesvn.tigris.org
Subject: Re: anonymous svn checkout fails in 1.9.4

On 17.06.2016 18:20, Ateljevich, Eli_at_DWR wrote:
> Hello,
> I'd like to report a bug that is widely affecting the users of our
> repository. We are working in both Windows 7 and 10, both of which
> exhibit the problem. I am using 1.9.4, and the problem happened in
> 1.9.2. It did not occur using 1.7.7.
>
> Using tortoise (gui or command line) with credentials cleared, I am
> unable to browse or checkout the "anonymous" part of the repository:
> http://www.ccrm.vims.edu/schism/branches/v5.3
>
> On the command line this produces the line:
> Authentication realm: <http://www.ccrm.vims.edu:80> Subversion schism
> repository and then a request for credentials.

This would mean that the 'anonymous' part isn't really anonymous but still requires authentication. Otherwise it would not ask for it.

Make sure you understand the difference between authentication and
authorization:
authentication means the user has to be verified (i.e. "who are you") authorization means an already authenticated user is authorized to access the data (i.e. "Paul is not allowed to access A, but allowed access to B")

Maybe your 'anonymous' part is only set up to give access to all authenticated users and not to really everyone?

> The problem goes away if I provide my name and password, so the URL is
> correct and it is not https. The issue with anonymous access does not
> occur on an older computer using 1.7.7, in which case I am generally not
> even challenged for credentials. The problem does not occur at all on
> Linux command line svn.

What version of svn is running on the server? What kind of
authentication is set up there?
If you're using NTLM/Kerberos authentication, you must use https with
newer svn clients because it's a security risk to do that authentication
over unencrypted channels.

Without knowing more about your server setup and how you set up the
authentication I can't offer more hints.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3175864
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3176412
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].