[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Proxy authentication with Negotiate uses wrong host

From: Stefan Sperling <stsp_at_elego.de>
Date: Wed, 24 Aug 2011 11:23:23 +0200

On Wed, Aug 24, 2011 at 09:44:17AM +0200, 1983-01-06_at_gmx.net wrote:
> > On Tue, Aug 23, 2011 at 10:47:35PM +0200, Michael-O wrote:
> > > I made some digging in the subversion and neon code and notices some
> > > interesting and odd stuff.
> > >
> > > If you take a look at the aforementioned session.c in line 865 [1]
> > > you'll see that the code is correct, Negotiate auth is added if no
> > > proxy_username is set. So my assumption was correct. It should work
> > > out-of-the box.
> >
> > Yes, you're right. It seems I misread this and didn't notice
> > the 'else' part which also enables Negotiate auth. Sorry.
> >
>
> Stefan,
>
> another note. I tried a different proxy machine (we have a farm of) and tried:
> H:\Projekte>svn ls http://svn.apache.org/repos/asf/
> The TGS-REQ body is as follows
> Server Name (Service and Instance): HTTP/harmonia.apache.org
> + some other stuff
> The KDC responses with:
> Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
> Server Name (Service and Instance): HTTP/harmonia.apache.org
>
> This is the output of Wirshark on FreeBSD:
> The TGS-REQ body is as follows
> Server Name (Service and Instance): HTTP/my.proxy.server
>
> And so forth.
>
> I can privately send you both wireshark dumps if you'd like.

I don't have time to deal with this right now, sorry.
Maybe someone else will take a look.

I agree that there seems to be a bug somewhere, either in svn or neon.
Please file an issue so this doesn't get lost. Thanks!
Received on 2011-08-24 11:24:19 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.