Mark Tsuchida wrote on Mon, Aug 19, 2013 at 11:19:42 -0700:
> svn co https://our.server.com/svn/myrepo/trunk -> Requires
> authentication with client 1.8.x but not with 1.6.x or 1.7.x
> svn list https://our.server.com/svn/myrepo/trunk -> Works even with 1.8.1
> svn list https://our.server.com/svn/myrepo -> Requires auth, as expected
>
> The 1.8.x clients can successfully check out myrepo/trunk if a
> username and password are given, for a user with access to the
> repository root.
>
> I have so far been unable to reproduce this with a simplified test
> repository, so any hints as to where to look would be much
> appreciated.
You could mount your real repository on a test <Location>, at
a different URI, that uses IP-whitelisting to permit only your
workstation, and then fiddle with the settings (<Location> directives,
authz file contents, etc.) to see if you can identify the problem.
Information that might be relevant includes:
- The authz file
- The <Location> block
- Whether 1.7.x reproduces the problem under either serf and neon (did
you test with each of them?)
- Whether the problem reproduces with 1.6.17
Also, you should upgrade to at least 1.6.17, if not 1.7.11 or 1.8.1, to
pick up fixes to security issues. (An upgrade to at least 1.7 could
easily fix your problem, too, since it'll enable 1.7+ clients to talk
HTTPv2, which will avoid the HTTP-non-v2 compatibility codepath (unless
you have 1.6 clients too...).)
Received on 2013-08-19 21:07:08 CEST