[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

--username and --password ignored with NTLM authentication?

From: Craig Holmquist <craig.holmquist_at_neurotronics.com>
Date: Tue, 4 Aug 2009 15:06:24 -0400

I've noticed that in Subversion 1.6.3 (and probably all earlier versions),
if the server sends an NTLM challenge, and client responds with the
logged-in user's credentials even if the --username and --password command
line options are given. That is, the name in the revision log is the
logged-in user instead of the user passed on the command line.

Is this intentional? In my opinion it's counterintuitive. The Subversion
book states that --username and --password take precedence over any cached
credentials; wouldn't a user reasonably assume these options would take
precedence over the default NTLM credentials (that is, the credentials for
the user currently logged into Windows) as well?

As far as I can tell, there's no workaround for this other than editing the
"servers" config to remove "negotiate" from http-auth-types. Otherwise,
there's no way to specify a different user from the command line if the
server is set up for NTLM.

All the above results were obtained using the https protocol. I got similar
results with both neon and serf. The server is Apache 2.2.11 using
mod_auth_sspi/1.0.4.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2380126

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-04 21:09:07 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.