[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn+ sasl2 on MAC OS X 10.6 not authenitificatime us

From: Peter Fodrek <peter.fodrek_at_stuba.sk>
Date: Mon, 6 Jun 2011 16:54:44 +0200

Dear Subversion experts,

I am tto establish SVN server with Cyrus SASL authentification but failed to
properly set this. When using SVN repository with config/passwd
authentification then it works perfectlyworks. But I am to do more secure
authentification. I am sending you all SASL+SVN related settings I was to find
ouit in P.S. part of this e-mail.

I would like to ask you for any recomandation what I am doing wrong, please?
 
Thank you for any answer

I look forward hearing from you

Yours faithfully

Peter Fodrek

P.S.

/Users/mini1/my-bin/bin/svnserve --version
svnserve, version 1.6.17 (r1128011)
   compiled Jun 6 2011, 14:53:15

Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.apache.org/
This product includes software developed by CollabNet
(http://www.Collab.Net/).

The following repository back-end (FS) modules are available:

* fs_fs : Module for working with a plain file (FSFS) repository.

Cyrus SASL authentication is available.

dhcp28-108:~ mini1$ more /Users/mini1/my-bin/lib/sasl2/subversion.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /Users/mini1/my-bin/druha
saslauthd_path: /Users/mini1/my-bin/sbin
mech_list: DIGEST-MD5
dhcp28-108:~ mini1$ ls -la /Users/mini1/my-bin/sbin/sasl*
-rwxr-xr-x 1 mini1 staff 77176 Jun 6 14:40 /Users/mini1/my-
bin/sbin/saslauthd
-rwxr-xr-x 1 mini1 staff 251360 Jun 6 14:40 /Users/mini1/my-
bin/sbin/sasldblistusers2
-rwxr-xr-x 1 mini1 staff 256120 Jun 6 14:40 /Users/mini1/my-
bin/sbin/saslpasswd2
dhcp28-108:~ mini1$ /Users/mini1/my-bin/sbin/sasldblistusers2
/Users/mini1/my-bin/druha
agentura_at_APVV: userPassword
moj_at_Subversion: userPassword
peter_at_APVV: cmusaslsecretOTP
pokusny_at_APVV: userPassword
test_at_APVV: cmusaslsecretOTP
testovic_at_APVV: userPassword
uni_at_Subversion: userPassword
agentura_at_APVV: cmusaslsecretOTP
moj_at_Subversion: cmusaslsecretOTP
peter_at_APVV: userPassword
pokusny_at_APVV: cmusaslsecretOTP
test_at_APVV: userPassword
testovic_at_APVV: cmusaslsecretOTP
uni_at_Subversion: cmusaslsecretOTP

dhcp28-108:~ mini1$ sudo killall -9 svnserve
dhcp28-108:~ mini1$ sudo /Users/mini1/my-bin/bin/svnserve -d -r /opt/repos/
dhcp28-108:~ mini1$ cat /opt/repos/Plazma/conf/svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.

password-db = passwd

### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file. If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.

#authz-db = authz

### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.

realm = APVV

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
#min-encryption = 0
#max-encryption = 256

pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /Users/mini1/my-bin/druha
mech_list: DIGEST-MD5

dhcp28-108:~ mini1$ls -la /Users/mini1/my-bin/lib/sasl2/
total 1952
drwxr-xr-x 22 mini1 staff 748 Jun 6 15:52 .
drwxr-xr-x 78 mini1 staff 2652 Jun 6 14:59 ..
-rw-r--r-- 1 mini1 staff 73640 Jun 6 14:39 libanonymous.a
-rwxr-xr-x 1 mini1 staff 645 Jun 6 14:39 libanonymous.la
-rw-r--r-- 1 mini1 staff 81880 Jun 6 14:39 libcrammd5.a
-rwxr-xr-x 1 mini1 staff 639 Jun 6 14:39 libcrammd5.la
-rw-r--r-- 1 mini1 staff 176560 Jun 6 14:39 libdigestmd5.a
-rwxr-xr-x 1 mini1 staff 654 Jun 6 14:39 libdigestmd5.la
-rw-r--r-- 1 mini1 staff 104704 Jun 6 14:39 libgssapiv2.a
-rwxr-xr-x 1 mini1 staff 693 Jun 6 14:39 libgssapiv2.la
-rw-r--r-- 1 mini1 staff 76952 Jun 6 13:27 liblogin.a
-rwxr-xr-x 1 mini1 staff 633 Jun 6 13:27 liblogin.la
-rw-r--r-- 1 mini1 staff 209768 Jun 6 14:39 libotp.a
-rwxr-xr-x 1 mini1 staff 636 Jun 6 14:39 libotp.la
-rw-r--r-- 1 mini1 staff 75456 Jun 6 14:39 libplain.a
-rwxr-xr-x 1 mini1 staff 633 Jun 6 14:39 libplain.la
-rw-r--r-- 1 mini1 staff 135992 Jun 6 14:39 libsasldb.a
-rwxr-xr-x 1 mini1 staff 697 Jun 6 14:39 libsasldb.la
-rw-r--r-- 1 mini1 staff 150 Jun 6 16:18 subversion.conf
lrwxr-xr-x 1 mini1 staff 15 Jun 6 15:52 svn.conf -> subversion.conf
lrwxr-xr-x 1 mini1 staff 15 Jun 6 15:52 svnserve.conf ->
subversion.conf
Received on 2011-06-06 16:55:21 CEST

This is an archived mail posted to the Subversion Users mailing list.