Re: sasl mechanisms order

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 26 Jul 2010 07:20:52 +0300

Victor Sudakov wrote on Mon, Jul 26, 2010 at 09:30:19 +0700:
> Colleagues,
>
> I have the following line in /usr/local/lib/sasl2/svn.conf:
> mech_list: gssapi digest-md5 anonymous
>
> How can I guarantee that the subversion client/server will always use
> GSSAPI before DIGEST-MD5? Or a more generic question, how can I change
> the order of mechanisms if I have to?
>

Looking at subversion/libsvn_ra_svn/{client.c,cyrus_auth.c}, it seems that the
following order is used:

* EXTERNAL (i.e., ssh tunnel)
* ANONYMOUS
* ${server-reported mechanisms, in the order suggested by the server}
* CRAM-MD5 (used via internal_auth.c even if SASL doesn't support it)

I don't see a knob that lets you manipulate the order.

> I have experimented with the order of mechanisms in the mech_list
> definition, but the result is always the same ( ANONYMOUS GSSAPI
> DIGEST-MD5 ). It's fine so far, but how can I change the order if
> needed?
>

Is your problem that GSSAPI is before/after DIGEST-MD5, or that it is
before/after ANONYMOUS? These are quite different situations...

> FreeBSD 6.4, subversion-1.6.12 compiled with cyrus-sasl-2.1.23 from
> ports.
>
> Thank you in advance for any input.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov_at_sibptus.tomsk.ru
Received on 2010-07-26 06:22:34 CEST

This message: [ Message body ]
Next message: Victor Sudakov: "Re: sasl mechanisms order"
Previous message: Daniel Shahaf: "(no subject)"
In reply to: Victor Sudakov: "sasl mechanisms order"
Next in thread: Victor Sudakov: "Re: sasl mechanisms order"
Reply: Victor Sudakov: "Re: sasl mechanisms order"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]