[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: linux subversion client with Kerberos

From: Steve Zeng <SteveZ_at_airg.com>
Date: Wed, 23 Jul 2008 14:50:43 -0700

Shirish,

I download and installed the src RPM and below is neon.spec. How can you
tell if GSSAPI is enabled or not? I assume it is enabled by default,
correct?

Steve

========================================================================
==
#cat neon.spec
Summary: An HTTP and WebDAV client library
Name: neon
Version: 0.25.5
Release: 5.1
License: LGPL
Group: Applications/Publishing
Prefix: %{_prefix}
URL: http://www.webdav.org/neon/
Source0: http://www.webdav.org/neon/neon-%{version}.tar.gz
Patch0: neon-0.25.5-multilib.patch
BuildRequires: expat-devel, openssl-devel, zlib-devel, krb5-devel
BuildRequires: pkgconfig
BuildRoot: %{_tmppath}/%{name}-root
Conflicts: subversion < 0.22.2-4

%description
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.

%package devel
Summary: Development libraries and C header files for the neon library.
Group: Development/Libraries
Requires: neon = %{version}-%{release}, openssl-devel, zlib-devel,
expat-devel
Requires: pkgconfig
Conflicts: subversion-devel < 0.22.2-4

%description devel
The development library for the C language HTTP and WebDAV client
library.

%prep
%setup -q
%patch0 -p1 -b .multilib

%build
%configure --with-ssl --with-expat --enable-shared --enable-warnings
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
%makeinstall

%clean
rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root)
%doc AUTHORS BUGS TODO src/COPYING.LIB NEWS README THANKS
%{_libdir}/*.so.*

%files devel
%defattr(-,root,root)
%{_bindir}/*
%{_includedir}/*
%{_libdir}/pkgconfig/neon.pc
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_libdir}/*.*a
%{_libdir}/*.so

%changelog
* Wed Jul 12 2006 Jesse Keating <jkeating_at_redhat.com> - 0.25.5-5.1
- rebuild

* Thu Jun 1 2006 Joe Orton <jorton_at_redhat.com> 0.25.5-5
- have -devel require pkgconfig (#193355)

* Wed May 24 2006 Joe Orton <jorton_at_redhat.com> 0.25.5-4
- add multilib fixes for neon-config (#192734)

* Wed May 17 2006 Joe Orton <jorton_at_redhat.com> 0.25.5-3
- rebuild

* Mon Feb 27 2006 Joe Orton <jorton_at_redhat.com> 0.25.5-2
- don't trim exported libraries (#182997)

* Fri Feb 10 2006 Jesse Keating <jkeating_at_redhat.com> - 0.25.5-1.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating_at_redhat.com> - 0.25.5-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Tue Jan 31 2006 Joe Orton <jorton_at_redhat.com> 0.25.5-1
- update to 0.25.5

* Fri Dec 09 2005 Jesse Keating <jkeating_at_redhat.com>
- rebuilt

* Wed Dec 7 2005 Joe Orton <jorton_at_redhat.com> 0.24.7-10
- strip unnecessary exports from .la file/neon-config

* Tue Nov 8 2005 Tomas Mraz <tmraz_at_redhat.com> 0.24.7-9
- rebuilt with new openssl

* Fri Sep 23 2005 Joe Orton <jorton_at_redhat.com> 0.24.7-8
- restore static libs for rpm

* Mon Sep 19 2005 Joe Orton <jorton_at_redhat.com> 0.24.7-7
- drop static libs, doc/html from devel docdir

* Wed Mar 2 2005 Joe Orton <jorton_at_redhat.com> 0.24.7-6
- rebuild

* Thu Feb 10 2005 Joe Orton <jorton_at_redhat.com> 0.24.7-5
- don't define min() in ne_utils.h (Caolan McNamara, #147228)

* Tue Oct 12 2004 Joe Orton <jorton_at_redhat.com> 0.24.7-4
- update to GSSAPI code from trunk

* Fri Jul 23 2004 Joe Orton <jorton_at_redhat.com> 0.24.7-3
- rebuild

* Tue Jul 20 2004 Joe Orton <jorton_at_redhat.com> 0.24.7-2.1
- rebuild

* Tue Jul 6 2004 Joe Orton <jorton_at_redhat.com> 0.24.7-2
- devel requires neon of same release, expat-devel (#127330)

* Mon Jul 5 2004 Joe Orton <jorton_at_redhat.com> 0.24.7-1
- update to 0.24.7

* Tue Jun 15 2004 Elliot Lee <sopwith_at_redhat.com>
- rebuilt

* Wed May 19 2004 Joe Orton <jorton_at_redhat.com> 0.24.6-1
- update to 0.24.6

* Wed Apr 14 2004 Joe Orton <jorton_at_redhat.com> 0.24.5-2
- rebuild

* Wed Apr 14 2004 Joe Orton <jorton_at_redhat.com> 0.24.5-1
- update to 0.24.5 for CVE CAN-2004-0179 fix

* Thu Mar 25 2004 Joe Orton <jorton_at_redhat.com> 0.24.4-4
- implement the Negotate auth scheme, and only over SSL

* Tue Mar 02 2004 Elliot Lee <sopwith_at_redhat.com>
- rebuilt

* Wed Feb 25 2004 Joe Orton <jorton_at_redhat.com> 0.24.4-3
- use BuildRequires not BuildPrereq, drop autoconf, libtool;
  -devel requires {openssl,zlib}-devel (#116744)

* Fri Feb 13 2004 Elliot Lee <sopwith_at_redhat.com> 0.24.4-2
- rebuilt

* Mon Feb 9 2004 Joe Orton <jorton_at_redhat.com> 0.24.4-1
- update to 0.24.4

* Thu Oct 9 2003 Joe Orton <jorton_at_redhat.com> 0.24.3-1
- update to 0.24.3

* Wed Sep 24 2003 Joe Orton <jorton_at_redhat.com> 0.24.2-1
- update to 0.24.2

* Tue Jul 22 2003 Nalin Dahyabhai <nalin_at_redhat.com> 0.23.9-7
- rebuild

* Tue Jun 24 2003 Joe Orton <jorton_at_redhat.com> 0.23.9-6
- never print libdir in --libs output

* Wed Jun 04 2003 Elliot Lee <sopwith_at_redhat.com>
- rebuilt

* Tue Jun 3 2003 Joe Orton <jorton_at_redhat.com> 0.23.9-4
- don't regenerate docs; limit conflict with subversion

* Wed May 28 2003 Jeff Johnson <jbj_at_redhat.com> 0.23.9-3
- build.

* Sat May 24 2003 Florian La Roche <Florian.LaRoche_at_redhat.de>
- add ldconfig to post/postun

* Tue May 20 2003 Jeff Johnson <jbj_at_redhat.com> 0.23.9-2
- force expat, include neon-config, for subversion build.
- do "make check" (but ignore failure for now)

* Mon May 19 2003 Jeff Johnson <jbj_at_redhat.com> 0.23.9-1
- upgrade to 0.23.9.
- avoid xmlto breakage generating man pages for now.

* Mon Nov 11 2002 Jeff Johnson <jbj_at_redhat.com> 0.23.5-2
- avoid subversion-devel until libxml2 vs. expat is resolved.

* Sat Nov 9 2002 Jeff Johnson <jbj_at_redhat.com> 0.23.5-1
- Create.
==========================================================

> -----Original Message-----
> From: Shirish Jain [mailto:lists_at_getafix.net]
> Sent: July 23, 2008 2:26 PM
> To: Steve Zeng
> Subject: Re: linux subversion client with Kerberos
>
> Steve,
>
> could you please download the source RPM & extract the 'spec' file for
> the 'neon.i386 0:0.25.5-5.1' build u r using. It is likely to have
been
> built with "GSSAPI disabled". Confirm if this is the case.
>
> ..SJ
>
> Steve Zeng wrote:
> >
> > Shirish,
> >
> > Thanks for the steps. I got errors when I run "svn ls" or "svn
> > checkout". It seems to me svn client does not know how to handle
> > Kerberos communication. Below are the details:
> >
> > > a) linux svn install for client
> >
> > Yum install subversion (on centos 5.1 i386 32bit)
> >
> > Installed: subversion.i386 0:1.4.2-2.el5
> >
> > Dependency Installed: neon.i386 0:0.25.5-5.1
> >
> > > b) kinit userPrincipalName_at_DOMAIN.FQDN (Domain.fqdn must be all
caps),
> >
> > > it will ask ur password, please enter ur AD password. User
principal
> >
> > > name is typically ur user ID that u use to log on to the domain.
> >
> > > c) if errors for time skew, sync ur linux client's clock.
> >
> > > d) if errors due KDC, edit ur /etc/krb5.conf
> >
> > > e) if no errors, do command, klist, it should show a krb5 ticket
from
> ur
> >
> > > Active Directory DC
> >
> > -bash-3.1$ klist
> >
> > Ticket cache: FILE:/tmp/krb5cc_1054_Ls3mwz
> >
> > Default principal: stevez@ EXAMPLE.COM
> >
> > Valid starting Expires Service principal
> >
> > 07/23/08 16:42:17 07/24/08 02:42:16 krbtgt/ EXAMPLE.COM @
EXAMPLE.COM
> >
> > renew until 07/24/08 02:42:17
> >
> > > f) svn ls https://URL/path/to/repo
> >
> > svn ls https://officeg3.example.com/svn/repos/
> >
> > svn: PROPFIND request failed on '/svn/repos'
> >
> > svn: PROPFIND of '/svn/repos': 401 Authorization Required
> > (https://officeg3.example.com)
> >
> > > g) u will need to renew ur ticket using "kinit -R", u can execute
this
> >
> > > via crontab.
> >
> > >
> >
> > > Above is also required if you wish to achieve single sign on with
say
> >
> > > Firefox etc on Linux.
> >
> > >
> >
> > > should work fine. If issues, provide details.
> >
> > >
> >
> > > cheers
> >
> > >
> >
> > > Shirish
> >
> > >
> >
> > > Steve Zeng wrote:
> >
> > > >
> >
> > > > Hello forks,
> >
> > > >
> >
> > > > Basically I am looking for a linux subversion client which can
do
> >
> > > > Kerberos authentication with Windows Active Directory. I've
search
> the
> >
> > > > mail list archive and could not find one. Any help would be
highly
> >
> > > > appreciated.
> >
> > > >
> >
> > > > My SVN server is configured as Apache/Kerberos authentication.
> >
> > > > Currently I've successfully got Windows SVN client working.
> >
> > > >
> >
> > > > <Location /svn>
> >
> > > >
> >
> > > > DAV svn
> >
> > > >
> >
> > > > SVNParentPath /var/www/svn/
> >
> > > >
> >
> > > > AuthzSVNAccessFile /var/www/svn/repos/conf/authz
> >
> > > >
> >
> > > > SSLRequireSSL
> >
> > > >
> >
> > > > AuthType Kerberos
> >
> > > >
> >
> > > > AuthName "Kerberos Login"
> >
> > > >
> >
> > > > KrbMethodNegotiate On
> >
> > > >
> >
> > > > KrbMethodK5Passwd Off
> >
> > > >
> >
> > > > KrbAuthRealms EXAMPLE.COM
> >
> > > >
> >
> > > > require valid-user
> >
> > > >
> >
> > > > </Location>
> >
> > > >
> >
> > > > Below is version of my SVN server and windows client.
> >
> > > >
> >
> > > > 1) subversion server
> >
> > > >
> >
> > > > centos 5.1 i386
> >
> > > >
> >
> > > > subversion-1.4.2
> >
> > > >
> >
> > > > httpd-2.2.3-11
> >
> > > >
> >
> > > > mod_auth_kerb-5.1
> >
> > > >
> >
> > > > 2) Windows Client (working)
> >
> > > >
> >
> > > > Windows XP SP3
> >
> > > >
> >
> > > > TortoiseSVN 1.4.0, Build 7501 - 32 Bit , 2006/09/15 21:34:55
> >
> > > >
> >
> > > > Subversion 1.4.0,
> >
> > > >
> >
> > > > apr 0.9.12
> >
> > > >
> >
> > > > apr-iconv 0.9.7
> >
> > > >
> >
> > > > apr-utils 0.9.12
> >
> > > >
> >
> > > > berkeley db 4.4.20
> >
> > > >
> >
> > > > neon 0.25.5
> >
> > > >
> >
> > > > OpenSSL 0.9.8b 04 May 2006
> >
> > > >
> >
> > > > Best Regards,
> >
> > > >
> >
> > > > ---------------------
> >
> > > >
> >
> > > > Steve Zeng
> >
> > > >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-24 08:36:28 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.