[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: sasl mechanisms order

From: Victor Sudakov <sudakov_at_sibptus.tomsk.ru>
Date: Mon, 26 Jul 2010 14:30:08 +0700

Daniel Shahaf wrote:
> > > >
> > > > I have the following line in /usr/local/lib/sasl2/svn.conf:
> > > > mech_list: gssapi digest-md5 anonymous
> > > >
> > > > How can I guarantee that the subversion client/server will always use
> > > > GSSAPI before DIGEST-MD5? Or a more generic question, how can I change
> > > > the order of mechanisms if I have to?
> > > >
> > >
> > > Looking at subversion/libsvn_ra_svn/{client.c,cyrus_auth.c}, it seems that the
> > > following order is used:
> > >
> > > * EXTERNAL (i.e., ssh tunnel)
> > > * ANONYMOUS
> > > * ${server-reported mechanisms, in the order suggested by the server}
> > > * CRAM-MD5 (used via internal_auth.c even if SASL doesn't support it)
> > >
> > > I don't see a knob that lets you manipulate the order.
> >
> > Then how can I manipulate "the order suggested by the server"? The
> > server is svnserve.
> >
>
> Looking in subversion/svnserve/cyrus_auth.c, the list of mechansms is obtained
> directly from SASL:

[dd]

>
> so you'd have to look up in the SASL docs how to configure the ordering of
> mechanisms. (I don't know offhand how to configure that.)

I was unable to find this in the SASL docs. It only says that
mech_list is a "Whitespace separated list of mechanisms to allow (e.g.
'plain otp'). Used to restrict the mechanisms to a subset of the
installed plugins."

While googling I found even such statements as
http://www.techienuggets.com/CommentDetail?tx=188636

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov_at_sibptus.tomsk.ru
Received on 2010-07-26 09:30:49 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.