[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Client authentication with Kerberos ticket

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2006-11-28 16:09:52 CET

   Hello,

 I'm currently deploying Subversion (1.2.3 on Debian Linux server)
 with Apache2/mod_dav/svn/mod_auth_krb
 and a svn client in version 1.4.2 (Linux)

 If I allow kerberos password (KrbMethodK5Passwd on)
 it works but the client asks me for the password each time.

 If I disable kerberos password (KrbMethodK5Passwd on)
 with KrbMethodNegotiate on,
 the client fails directly without trying my ticket, just
 successfully created with kinit (checked with klist).

 I have found no tutorial or FAQ concerning svn+kerberos+ticket
 With neon debug messages enabled, but it does not help me (see below).
 I have compiled neon lib (client) with gssapi. But is it enough ?

 Thank you for any hint to get svn and Kerberos working together
 (either with a ticket or my password cached - but I prefer the ticket)

User-Agent: SVN/1.4.2 (r22196) neon/0.25.5
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip
Accept-Encoding: gzip

Sending request-line and headers:
Connecting to IP
Sending request body:
Body block (300 bytes):
[<?xml version="1.0" encoding="utf-8"?><propfind
xmlns="DAV:"><prop><version-controlled-configuration
xmlns="DAV:"/><resourcetype xmlns=
"DAV:"/><baseline-relative-path
xmlns="http://subversion.tigris.org/xmlns/dav/"/><repository-uuid
xmlns="http://subversion.tigris.org/xm
lns/dav/"/></prop></propfind>]
Request sent; retry is 0.
[status-line] < HTTP/1.1 401 Authorization Required
[hdr] Date: Tue, 28 Nov 2006 11:34:26 GMT
Header Name: [date], Value: [Tue, 28 Nov 2006 11:34:26 GMT]
[hdr] Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_kerb/5.0-rc6
DAV/2 SVN/1.2.3 PHP/4.3.10-18
Header Name: [server], Value: [Apache/2.0.54 (Debian GNU/Linux)
mod_auth_kerb/5.0-rc6 DAV/2 SVN/1.2.3 PHP/4.3.10-18]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] Content-Length: 401
Header Name: [content-length], Value: [401]
[hdr] Keep-Alive: timeout=15, max=100
Header Name: [keep-alive], Value: [timeout=15, max=100]
[hdr] Connection: Keep-Alive
Header Name: [connection], Value: [Keep-Alive]
[hdr] Content-Type: text/html; charset=iso-8859-1
Header Name: [content-type], Value: [text/html; charset=iso-8859-1]
[hdr]
End of headers.
Reading 401 bytes of response body.
Got 401 bytes.
Read block (401 bytes):
[<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
]
Running post_send hooks
Request ends, status 401 class 4xx, error line:
401 Authorization Required
Running destroy hooks.
Request ends.
svn: PROPFIND request failed on '/svn/test/Trunk'
svn: PROPFIND of '/svn/test/Trunk': authorization failed (http://HOST)
ne_session_destroy called.
ne_session_destroy called.

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Nov 28 16:11:08 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.