[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

https, virtual host and Kerberos Negotiate

From: Yves Martin <yves.martin_at_elca.ch>
Date: 2007-03-19 14:04:56 CET

  Hello,

My Subversion server uses Apache2 with mod-auth-kerb 5.3 on Debian
GNU/Linux Sarge.
Everything works fine with HTTPS and Kerberos SPNEGO authentication as
far as the FQDN server name (srv12345.mydomain.com) is used on win32.

On Unix platform, the svn client (Linux 1.4.3 with neon 0.25.5) does
SPNEGO perfectly with both FQDN or server alias svn.mydomain.com

On win32 platform, the svn 1.4.3 client built with neon 0.25.5:
 . authenticates properly with Kerberos Negotiate when accessing
   https://server12345.mydomain.com/subversion/project/

 . Kerberos Negotiate fails when accessing
   https://svn.mydomain.com/subversion/project/
   and the svn client falls back to basic authentication.

May you confirm it is a platform specific bug ?

Unix version does things right:
. first find the IP for the URL hostname
. then a reverse DNS call to get the FQDN of the server
. ask GSSAPI for a Kerberos token for the FQDN service HTTP/server12345.mydomain.com
. connect to Apache2 with the given URL and provide the FQDN token-based.

This logic should be ported on win32 too to make SPNEGO works perfectly.

Thank you in advance for your attention

-- 
Yves Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Mar 19 14:05:25 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.