[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Client authentication with Kerberos ticket

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2006-12-20 16:49:52 CET

On Wed, 2006-12-20 at 15:20 +0100, Yves Martin wrote:

> Now the SPNEGO seems to work between a IE navigator and
> my Apache2 server.
>
> But I still have troubles with svn clients:
> . TurtoiseSVN 1.4.1 / SVN 1.4.2 on Windows
> asks me for a user/password to do basic authentication
>
> . svn 1.4.2 command line on Linux also asks me for a password
> even after creating my principal ticket with kinit
> and the service ticket with kvno !
>
> Neon in debug mode 138 shows:
> Got new auth challenge: Negotiate, Basic realm="Domain Login"
> New 'Negotiate' challenge.
> New 'Basic' challenge.
> Got pair: [realm] = [Domain Login]
> Finished parsing parameters.
> Looking for Digest challenges.
> No good Digest challenges, looking for Basic.
> Got Basic challenge with realm [Domain Login]

> Is Neon supposed to work with Negotiate and Kerberos ?

  The answer is yes (if SSL) but no (if not SSL) !

  Reading the code neon/src/ne_auth.c (around line 1050),
  the SSPI/Negotiate or SSPI/NTLM or Digest
  or Basic methods are tried whatever the http/https mode.

  BUT the GSSAPI/Negotiate is only tried with SSL ?
  Why ? Is GSSAPI over http less secure than Basic over http ?

  Thank you for your help

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 20 16:51:08 2006

This is an archived mail posted to the Subversion Users mailing list.