I think this is the issue I have hit:
http://subversion.tigris.org/issues/show_bug.cgi?id=3394
Does anyone know if there is any progress with this problem?
Victor Sudakov wrote:
> Dear Colleagues:
>
> I have two Kerberos realms: SIBPTUS.RU and SIBPTUS.TOMSK.RU with
> mutual trust.
>
> svnserve is configured to use Kerberos:
>
> [general]
> anon-access = none
> auth-access = write
> realm = SIBPTUS.RU
> #realm = SIBPTUS.TOMSK.RU
> #realm = GSS_C_NO_NAME
> #realm = GSS_C_NO_CREDENTIAL
> [sasl]
> use-sasl = true
>
> If I uncomment the 'realm = SIBPTUS.TOMSK.RU' line, svnserve does not
> authenticate users from the SIBPTUS.RU realm, and vice versa:
>
> svn: E170013: Unable to connect to a repository at URL 'XXXXXXXXXXXXXXXXXXXXXX
> svn: E170001: Authentication error from server: SASL(-5): bad protocol / cancel: security flags do not match required
>
> Can I configure svnserve/SASL to authenticate clients from both
> realms? It would be great if svnserve considers john_at_SIBPTUS.RU and
> john_at_SIBPTUS.TOMSK.RU different users (from the point of view of
> logging etc).
>
> I have tried GSS_C_NO_NAME and GSS_C_NO_CREDENTIAL as realm names,
> without any success.
>
> I am using this setup (two realms) very successfully with sshd (via
> the ~/.k5login mechanism) and with the squid kerberos helper which
> does not care about the realm and just passes user_at_REALM to squid
> itself. Only svnserve seems to be a problem.
>
> Thanks in advance for any input.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov_at_sibptus.tomsk.ru
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov_at_sibptus.tomsk.ru
Received on 2016-03-13 19:59:09 CET