[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Windows Cached credential problem

From: Tom Kielty <calbuildmaster_at_gmail.com>
Date: Fri, 25 Apr 2014 11:56:24 -0500

On Fri, Apr 25, 2014 at 11:10 AM, Mark Phippard <markphip_at_gmail.com> wrote:

> On Fri, Apr 25, 2014 at 11:45 AM, Tom Kielty <calbuildmaster_at_gmail.com>wrote:
>
>> Last night we upgraded our server to 1.8.8. Everything smooth. However,
>> we are seeing some strange behavior regarding usernames.
>>
>> Issue 1: One of my users on a Win 7 64 bit machine, uses the SVN CLI as
>> his client. Before the upgrade he was working fine. After the upgrade he
>> keeps getting a forbidden error. The apach logs shows he is logging in with
>> Xxx.Yyy as a username when we require and have defined in the
>> svnaccess.conf file xxx.yyy. I had him delete the auth folder reopen a
>> command window and try again. No luck. The server logs keep showing him
>> trying to login with Xxx.Yyy. I even tried to use the --username argument
>> on the update as well as a fresh checkout and it ignores it. His machine
>> credentials are Xxx.Yyy. He is the only user so far that is having this
>> problem. Any ideas what is causing this and how to fix it?
>>
>> Issue 2: An automated process on Windows 2003 R2, is having a similar
>> problem as Issue 1. The process runs as "administrator" but the cached
>> credentials are a different user. The process is able to run an update with
>> no errors, but the apach log shows an unknown username from that IP
>> attempted to access a SVN url.
>>
>> These issues seems to be new to 1.8.8. We upgraded from 1.7.5.
>>
>>
> Subversion itself does not control the username on the server, Apache
> does. Apache simply tells Subversion the username that was used.
>
> Your Subversion Apache configuration can include the following directive
> that would "fix" this problem:
>
> AuthzForceUsernameCase lower
>
> If you add that directive, Subversion will convert all usernames to lower
> case before comparing them to your access rules. Just make sure you use
> all lower case in those rules.
>
>
> --
> Thanks
>
> Mark Phippard
> http://markphip.blogspot.com/
>

Mark,

Thanks for the workaround. This solved part of Issue 1.

Why did this change? Why are SVN clients taking the logged in user name
over the cached username?

And yet with Issue2 it seems to be the opposite.

Tom
Received on 2014-04-25 18:57:34 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.