On Thu, May 2, 2013 at 7:35 PM, Os Tyler <otyler_at_ur.com> wrote:
> Thanks in advance for any help here.
>
> We're using svnserve and I've successfully implemented SASL authentication
> against our company Active Directory LDAP instance. And our windows and
> linux clients are successfully connecting.
>
> However the subversion client on our AS/400 servers does not support SASL.
>
> I was looking for a way to configure subversion so that if the SASL
> authentication failed, it would fall back to the native passwd file and if a
> user/pass match was found there, auth would succeed.
>
> I've searched the interwebs and the archives of this mailing list, but I'm
> not seeing that there is a way to accomplish this "SASL with fallback to
> native passwd file".
>
> Is there a way?

You could just run a second svnserve on a different port that was
using a username/password file instead of SASL.

That said, the issue is that if you are using the native AS/400 client
it is SVN 1.4 which was pre-SASL. However, it is still possible for
those SVN clients to work with svnserve SASL. You have to enable the
auth mechanisms on your server that are supported by these clients --
CRAM-MD5.

From: http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt

5. Compatibility
================

All 1.x clients, with or without Cyrus SASL support, will be able to
authenticate against all 1.x servers that do not have Cyrus SASL enabled.
Note that the CRAM-MD5 and ANONYMOUS mechanisms are actually built into
Subversion, so you'll be able to use them even if the corresponding Cyrus
SASL plugins are missing.

1.x clients without Cyrus SASL support will be able to authenticate against
1.5+ servers with SASL enabled, provided the server allows the CRAM-MD5
and/or ANONYMOUS mechanisms.

1.5+ clients with Cyrus SASL support will be able to authenticate against
1.5+ servers with SASL enabled, provided at least one of the mechanisms
supported by the server is also supported by the client.

So if your server enables CRAM-MD5 your client ought to be able to
login using LDAP username and password. That said, my understanding
is that for CRAM-MD5 to work, the server has to know your plaintext
password. If you are using LDAP, that would be unlikely. So you
would be back to running a second svnserve on another port.

--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2013-05-03 15:08:35 CEST
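
Added example, not part of the original message and not Subversion's own code: a generic CRAM-MD5 style challenge-response (HMAC-MD5 keyed with the password, in the RFC 2195 form) showing why the verifying server needs the same secret the client typed, and why a store that holds only a salted one-way hash cannot check the response. The account name, password, salt, host name and the salted_hash helper are constructed for illustration.

```python
import hashlib
import hmac
import os
import time


def make_challenge(host="svn.example.test"):
    """Server side: a fresh, unpredictable challenge for each attempt."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()


def client_response(user, password, challenge):
    """Client side: prove knowledge of the password without sending it."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def server_verify(secrets, challenge, response):
    """Server side: recompute the HMAC from its own copy of the secret."""
    user, _, digest = response.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def salted_hash(password, salt):
    """Constructed stand-in for a one-way hash as a directory might store."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def demo():
    # Constructed sample account; values are illustrative only.
    challenge = make_challenge()
    response = client_response("harry", "s3cret-pass", challenge)
    plaintext_store = {"harry": "s3cret-pass"}
    hashed_store = {"harry": salted_hash("s3cret-pass", b"constructed-salt")}
    return (
        server_verify(plaintext_store, challenge, response),  # key matches
        server_verify(hashed_store, challenge, response),     # key differs
    )


if __name__ == "__main__":
    print(demo())
```

The same property means the file backing a CRAM-MD5 listener holds password-equivalent secrets, so it needs tight file permissions and passwords that are not reused from the directory.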