[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Automatic windows authentication using serf/svn 1.8

From: Bert Huijben <bert_at_qqmail.nl>
Date: Wed, 19 Jun 2013 14:49:29 +0200



I see the same problem on a setup which I setup years ago.


The configuration used for years is:

<Location /svn>

  AuthName "My Subversion Repositories"

  AuthType SSPI


  SSPIAuth On

  SSPIAuthoritative On

  SSPIDomain MyDomain

  SSPIOmitDomain On

  SSPIOfferBasic On

  SSPIUsernameCase lower

  #SSPIPackage Negotiate


  Require valid-user



  DAV svn

  SVNListParentPath on

  SVNParentPath D:/Databases/Subversion/repos

  AuthzSVNAccessFile D:/Databases/Subversion/etc/subversion.xs



If I enable the 'SSPIPackage Negotiate' line (which I just added) then my
Subversion 1.8 clients appear to authenticate correctly, but my neon based
1.7 clients fail with an even worse error that can't be resolved by just
typing the password.





From: Gert Kello [mailto:gert.kello_at_gmail.com]
Sent: woensdag 19 juni 2013 14:01
To: users_at_subversion.apache.org
Subject: Re: Automatic windows authentication using serf/svn 1.8


Sorry, I did not mention it specifically:

I can authenticate when I type in my domain user name/password when
prompted. And, they are cached so they must be entered only once (per each
domain password change I assume).

But I would prefer if the authentication ticket is obtained from currently
logged in windows user, not to type user name/password manually. That part
is failing...




On 19 June 2013 14:02, Stefan Sperling <stsp_at_elego.de <mailto:stsp_at_elego.de>
> wrote:

On Wed, Jun 19, 2013 at 10:48:35AM +0300, Gert Kello wrote:
> Hi.
> Our team is using subversion server hosted on windows machine by Apache
> https protocol and is using SSPI authentication. With svn 1.7 everything
> works fine, including automatic authentication with currently logged in
> windows user.
> Today I upgraded to svn 1.8 and the automatic authentication does not work
> anymore. If I set http-library = serf then 1.7 client fails to perform
> automatic authentication as well.
> Is there some configuration setting I am missing or is it limitation of
> serf library?
> Gert

I don't know anything about Windows authentication, but I could
get some hints from Ivan Zhakov via IRC (he doesn't follow this
mailing list). Perhaps this information helps:

Apparently, if the server uses NTLM only, serf cannot authenticate
to it, while neon could. serf supports SPNego though:

Does this apply to your situation? Can you fix the problem by
changing the server's configuration?

The 1.8 release notes currently do not document the issue with NTLM-only
servers. In my opinion they should mention it.

Received on 2013-06-19 14:50:36 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.