[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Using Kerberos-Authentication with subversion 1.4.2

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2007-03-19 11:55:39 CET

On Tue, 2007-03-06 at 02:21 +0100, Stephan Wienczny wrote:
> Hi,
> I'm trying to use kerberos-authentication for my subversion repositories but
> the clients in version 1.4.2 fail to connect with HTTP-Error 207
> Multi-Status.

> Older 1.3.2 clients and browsers are able to connect to the server.
> The server uses subversion-1.4.2, apache-2.2.3 and
> lib-apache-mod-auth-kerb-5.3

> This smells like a bug either in my configuration or svn-1.4.2.

  Hello,

I had the same error when building a Linux subversion client 1.4.3 with
neon 0.26.3. The fix is available on neon 0.26 branch.

Your server configuration is OK. The big trouble for Kerberos SPNEGO is
the neon 0.26 branch ! You should build with neon 0.25.5 to avoid
problems.

Here is the patch:

--- src/ne_auth.c (revision 1148)
+++ src/ne_auth.c (working copy)
@@ -533,7 +533,7 @@
     int ret;
     ne_buffer *errmsg;
 
- if (strncmp(hdr, "Negotiate", ptr - hdr) != 0) {
+ if (strncmp(hdr, "Negotiate", ptr - duphdr) != 0) {
         NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Not a Negotiate response!
\n");
         ne_free(duphdr);
         return NE_ERROR;

Regards

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Mar 19 11:56:07 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.