[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: linux subversion client with Kerberos (for auth against AD)

From: Yves Dorfsman <yves_at_zioup.com>
Date: Wed, 30 Jul 2008 17:26:00 -0600

Yves Dorfsman wrote:
> I have set Apache + mod_auth_kerb + DAV, this works fine and without
> password from a browser (both IE and firefox), but it looks as though
> svn client is not forwarding the ticket ; when I look at the apache log
> (with loglevel = debug), I get:
> [Mon Jul 28 15:48:57 2008] [debug] src/mod_auth_kerb.c(1432): [client
> 123.45.678.912] kerb_authenticate_user entered with user (NULL) and
> auth_type Kerberos
> Note the user: NULL.
> I'll try with password on today, but it kind of defeats the purpose of
> kerberos/AD, forcing the users to now enter a password (they already did
> when they logged in in Windows or kinit on UNIX).

I have added the ability to prompt for password, and sure enough, svn (the
client) works out my userid (username_at_REALM.COM), prompts me for a password
and let me check the repository out. When I remove this ability, and let the
client (web browser, "svn") negotiate, "svn" does not even try to negotiate,
  it does not seem to try to forward the kerberos ticket from AD, the Apache
log shows "user (NULL)".

Has anybody gotten this to work ?

Is it supposed to work this way (svn forwarding the kerberos/AD ticket) ?

CVS knows how to do this (not to http, but using its own gserver protocol)
and I don't mind looking at the code if necessary, but don't want to put any
time in this if it's just a configuration problem.

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-31 01:26:28 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.