[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Issue with svn 1.4.3 and https SPNEGO / Kerberos

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2007-02-05 12:22:05 CET

   Hello,

 I'm currently working with svn 1.4.2 built with neon 0.25.5
 on my Linux station. Server is configured with svn 1.3.2,
 WebDAV, https and mod_auth_kerb. That configuration is OK.

 Now, I'm testing svn 1.4.3 built with neon 0.26.3 still on Linux
 workstation as a client - no change on the server-side.

 Kerberos SSO seams to work well on the server-side point of view
 but the client does not parse properly the http 207 response
 (Multi-Status) whereas response content seems OK.

 Is it a neon 0.26.3 bug or an invalid client side configuration ?
 Thank you in advance for your help

 I include here the neon debug messages:

./svn list https://mysvn.domain.com/subversion/myproject/trunk/
ah_create, for WWW-Authenticate
Doing DNS lookup on mysvn.domain.com...
Running pre_send hooks
compress: Initialization.
compress: Initialization.
Sending request headers:
PROPFIND /subversion/myproject/trunk HTTP/1.1
Host: mysvn.domain.com
User-Agent: SVN/1.4.3 (r23084) neon/0.26.3
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip
Accept-Encoding: gzip

Sending request-line and headers:
Connecting to 10.10.90.24
Sending request body:
Body block (300 bytes):
[<?xml version="1.0" encoding="utf-8"?><propfind
xmlns="DAV:"><prop><version-controlled-configuration
xmlns="DAV:"/><resourcetype xmlns="DAV:"/><baseline-relative-path
xmlns="http://subversion.tigris.org/xmlns/dav/"/><repository-uuid
xmlns="http://subversion.tigris.org/xmlns/dav/"/></prop></propfind>]
Request sent; retry is 0.
[status-line] < HTTP/1.1 401 Authorization Required
[hdr] Date: Mon, 05 Feb 2007 10:52:42 GMT
Header Name: [date], Value: [Mon, 05 Feb 2007 10:52:42 GMT]
[hdr] Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_kerb/5.3 DAV/2
SVN/1.3.2 PHP/4.3.10-18 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_perl/1.999.21
Perl/v5.8.4
Header Name: [server], Value: [Apache/2.0.54 (Debian GNU/Linux)
mod_auth_kerb/5.3 DAV/2 SVN/1.3.2 PHP/4.3.10-18 mod_ssl/2.0.54
OpenSSL/0.9.7e mod_perl/1.999.21 Perl/v5.8.4]
[hdr] WWW-Authenticate: Negotiate
Header Name: [www-authenticate], Value: [Negotiate]
[hdr] WWW-Authenticate: Basic realm="My Domain Login"
Header Name: [www-authenticate], Value: [Basic realm="My Domain Login"]
[hdr] Content-Length: 401
Header Name: [content-length], Value: [401]
[hdr] Keep-Alive: timeout=15, max=100
Header Name: [keep-alive], Value: [timeout=15, max=100]
[hdr] Connection: Keep-Alive
Header Name: [connection], Value: [Keep-Alive]
[hdr] Content-Type: text/html; charset=iso-8859-1
Header Name: [content-type], Value: [text/html; charset=iso-8859-1]
[hdr]
End of headers.
Reading 401 bytes of response body.
Got 401 bytes.
Read block (401 bytes):
[<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
]
Running post_send hooks
ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is
Negotiate, Basic realm="My Domain Login"
auth: Got challenge (code 401).
auth: Got 'Negotiate' challenge.
auth: Got 'Basic' challenge.
auth: Trying Negotiate challenge...
gssapi: init_sec_context OK. (major=1)
gssapi: Output token: [snip]
Running pre_send hooks
auth: Sending 'Negotiate' response.
compress: Initialization.
compress: Initialization.
Sending request headers:
PROPFIND /subversion/myproject/trunk HTTP/1.1
Host: mysvn.domain.com
User-Agent: SVN/1.4.3 (r23084) neon/0.26.3
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip
Accept-Encoding: gzip
Authorization: xxx [snip]

Sending request-line and headers:
Sending request body:
Body block (300 bytes):
[<?xml version="1.0" encoding="utf-8"?><propfind
xmlns="DAV:"><prop><version-controlled-configuration
xmlns="DAV:"/><resourcetype xmlns="DAV:"/><baseline-relative-path
xmlns="http://subversion.tigris.org/xmlns/dav/"/><repository-uuid
xmlns="http://subversion.tigris.org/xmlns/dav/"/></prop></propfind>]
Request sent; retry is 1.
[status-line] < HTTP/1.1 207 Multi-Status
[hdr] Date: Mon, 05 Feb 2007 10:52:42 GMT
Header Name: [date], Value: [Mon, 05 Feb 2007 10:52:42 GMT]
[hdr] Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_kerb/5.3 DAV/2
SVN/1.3.2 PHP/4.3.10-18 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_perl/1.999.21
Perl/v5.8.4
Header Name: [server], Value: [Apache/2.0.54 (Debian GNU/Linux)
mod_auth_kerb/5.3 DAV/2 SVN/1.3.2 PHP/4.3.10-18 mod_ssl/2.0.54
OpenSSL/0.9.7e mod_perl/1.999.21 Perl/v5.8.4]
[hdr] WWW-Authenticate: Negotiate YHAGCSqGSIb3EgECAgIAb2EwX6ADAgEFoQMCAQ
+iUzBRoAMCAQGiSgRIP8MXz8zcptM5Rt
+svYBmUHjCzALtij848oNYsBY7Dz95n5Jw0WaumPwDuSCzev35wo2TdJ
+lk1re94hq676lq4ZsBEl1F9XZ
Header Name: [www-authenticate], Value: [Negotiate
YHAGCSqGSIb3EgECAgIAb2EwX6ADAgEFoQMCAQ+iUzBRoAMCAQGiSgRIP8MXz8zcptM5Rt
+svYBmUHjCzALtij848oNYsBY7Dz95n5Jw0WaumPwDuSCzev35wo2TdJ
+lk1re94hq676lq4ZsBEl1F9XZ]
[hdr] Content-Length: 720
Header Name: [content-length], Value: [720]
[hdr] Keep-Alive: timeout=15, max=99
Header Name: [keep-alive], Value: [timeout=15, max=99]
[hdr] Connection: Keep-Alive
Header Name: [connection], Value: [Keep-Alive]
[hdr] Content-Type: text/xml; charset="utf-8"
Header Name: [content-type], Value: [text/xml; charset="utf-8"]
[hdr]
End of headers.
Reading 720 bytes of response body.
Got 720 bytes.
Read block (720 bytes):
[<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:"
xmlns:ns1="http://subversion.tigris.org/xmlns/dav/" xmlns:ns0="DAV:">
<D:response xmlns:lp1="DAV:"
xmlns:lp3="http://subversion.tigris.org/xmlns/dav/">
<D:href>/subversion/myproject/trunk/</D:href>
<D:propstat>
<D:prop>
<lp1:version-controlled-configuration><D:href>/subversion/myproject/!
svn/vcc/default</D:href></lp1:version-controlled-configuration>
<lp1:resourcetype><D:collection/></lp1:resourcetype>
<lp3:baseline-relative-path>trunk</lp3:baseline-relative-path>
<lp3:repository-uuid>5940bebc-061a-0410-a5c8-86539ce441c1</lp3:repository-uuid>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>
]
Running post_send hooks
ah_post_send (#1), code is 207 (want 401), WWW-Authenticate is Negotiate
YHAGCSqGSIb3EgECAgIAb2EwX6ADAgEFoQMCAQ+iUzBRoAMCAQGiSgRIP8MXz8zcptM5Rt
+svYBmUHjCzALtij848oNYsBY7Dz95n5Jw0WaumPwDuSCzev35wo2TdJ
+lk1re94hq676lq4ZsBEl1F9XZ
gssapi: Not a Negotiate response!
Request ends, status 207 class 2xx, error line:
207 Multi-Status
Running destroy hooks.
Request ends.
svn: PROPFIND request failed on '/subversion/myproject/trunk'
svn: PROPFIND of '/subversion/myproject/trunk': 207 Multi-Status
(https://mysvn.domain.com)
ne_session_destroy called.
ne_session_destroy called.

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Feb 5 12:22:30 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.