[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: kerberos authentication using ankhsvn and tortoisesvn

From: liat katzir <liatkatzir_at_yahoo.com>
Date: Wed, 10 Mar 2010 10:08:50 +0000 (GMT)

Hello Bert,
We still think that there might be a regression in ankhSVN there for i'm sending you the versions you asked for and also i'm attaching the files that helped me to make a kerberos authentication, i'm hoping that you will be able to test that since in versions earlier then 2.1 it did work, especially if you are a representative of the developing ankhSVN team.
You said that ankSVN is using the neon component for supporting kerberos authentication for http:// & https:// so is it possible to work with earlier neon versions?
Who is responsible for the neon development, and do they check weather there is no regression test in authentication of kerberos?
When there was no problems we used ankhSVN 2.0 6347.433for VS 2005;2008
Problems began when installing ankhSVN 2.1 from builds (7756.392,daily 7785.397,daily 7808.407,daily 7809.408,daily 7810.409,daily 7815.410) and  using VS 2005;2010
Our Apache files are attached.
file auth_kerb.conf is located in /etc/httpd/conf.d
file krb5.conf  is located in /etc/krb5.conf
Thank you,
Liat Katzir

--- On Tue, 9/3/10, Bert Huijben <bert_at_qqmail.nl> wrote:

From: Bert Huijben <bert_at_qqmail.nl>
Subject: RE: kerberos authentication using ankhsvn and tortoisesvn
To: "'Liat Katzir'" <liatkatzir_at_yahoo.com>
Cc: amitkar_at_rafael.co.il, users_at_ankhsvn.open.collab.net
Date: Tuesday, 9 March, 2010, 16:52

neon doesn't have server components. The server side of Subversion is normally handled by Apache.
Our buildbot released about 600 different AnkhSVN 2.0 releases so if you can't tell us which version worked for you it is hard to find for us.
Our current AnkhSVN 2.0 branch still uses neon 0.28.5, while 2.1 uses neon 0.29.3.
(openssl 0.9.8k vs 0.9.8m)
All Kerberos handling over http:// and https:// in AnkhSVN is handled by the neon component that is compiled into the SharpSvn binary.
As I told before: I have no way to test all this. And I assume the maintainer of neon hasn't either. So we need input from our users to see if it works or doesn't (or if it regressed).
But if you are reporting the same issue for AnkhSVN, TortoiseSVN and probably the normal svn binaries. (Did you try those?), I think you can better try to get some help on users_at_subversion.apache.org. There are more corporate users there than on the TortoiseSVN and AnkhSVN lists.

From: Liat Katzir [mailto:liatkatzir_at_yahoo.com]
Sent: maandag 8 maart 2010 11:12
To: Bert Huijben
Cc: amitkar_at_rafael.co.il; users_at_ankhsvn.open.collab.net
Subject: RE: kerberos authentication using ankhsvn and tortoisesvn

Hello Bert,

thank you for the quick response

when i mentioned that version 2.0 worked for me i was talking about visual studio 2005,2008.

That version didn't also work when i moved to visual studio version 2010 (beta2 or experimental) and the recommendation was to upgrade to ankhsvn 2.1 so that what we tried to do, and Ankhsvn 2.1 is not working also in visual studio 2005, and that is what recommended by collabnet site.


We are trying know to check some releases for the 2.1 version but so far we failed.

Our conclusion that this problem relates to kerberos authentication is due to the fact that accessing to basic authentication repositories is working from ankhsvn 2.1.


If i understood you correctly there could be a problem between the neon versions that i have in my server then to what the client has?

Can you elaborate on how i found out were&what version of neon the server has and what version does the AnkhsSVN i'm using has?

Can i upgrade the neon version in my server in an easy way?do you think that is i will move to svn version 1.6 in my server the problem will be solved?

Thank you,

Liat Katzir.

--- On Sun, 7/3/10, Bert Huijben <bert_at_qqmail.nl> wrote:

From: Bert Huijben <bert_at_qqmail.nl>
Subject: RE: kerberos authentication using ankhsvn and tortoisesvn
To: "'Liat Katzir'" <liatkatzir_at_yahoo.com>, users_at_ankhsvn.open.collab.net
Cc: amitkar_at_rafael.co.il
Date: Sunday, 7 March, 2010, 19:14

There should be no difference in the SASL support between AnkhSVN 2.0 and 2.1. (I assume that is what you are talking about. Used for svn:// repositories).
If you are talking about the support in Neon, then you could see a regression in some of our dependencies. (OpenSSL and Neon are bumped quite a few versions since releasing 2.0).
Do you know which exact version of AnkhSVN 2.0 worked for you? (That way we can trace which dependencies were changed, and… Copying the information block in the about box is probably the easiest solution)
If you just see “Failed to authorize” in AnkhSVN 2.X before 2.1.7819, then it is also possible that you caught a completely unrelated access denied error. (Some errors fell in that error bucket)
I don’t have the necessary infrastructure in place to do any real Kerberos testing myself with AnkhSVN, but perhaps some other users on our list know the status better then I do.

From: Liat Katzir [mailto:liatkatzir_at_yahoo.com]
Sent: zondag 7 maart 2010 14:48
To: users_at_subversion.tigris.org; users_at_tortoisesvn.tigris.org; users_at_ankhsvn.open.collab.net
Cc: amitkar_at_rafael.co.il
Subject: kerberos authentication using ankhsvn and tortoisesvn


I'm working with subversion 1.5.6 on a Linux server.

The clients are working with windows XP.

so far we worked with VS 2005,2008 and ankhsvn2.0 and didn't encountered any problem.

when moved to Visual Studio 2010 release candidate or beta2 the recommendation is to upgrade to ankhsvn2.1, when doing so, the integration with SVN stopped working, and we got the message"failed authorise remote repository".

why this happened?does Ankhsvn2.1 support kerberos?if not when are you going to release a version that support it.


So far the tortoise client that we use 1.5.7 did support kerberos authentication type.

When installing tortoise version 1.6.7 we got error messages, and we looked through the web and found out that this version is not supporting kerberos but 1.6.6 does.

I wanted to know whether the develop road of the tortoise is to support kerberos always since we work in a very strong authentication in our organization(smart cards).

If you can please refer me to other users that encountered similar problems

Thanks in Advanced,

Liat Katzir.

  • application/x-zip-compressed attachment: 4ido.zip
Received on 2010-03-10 11:11:19 CET

This is an archived mail posted to the Subversion Users mailing list.