[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN E170001: Authentication error with specific user/realm/pw combinations while many other work!

From: NOCERA, ANDY <an2124_at_att.com>
Date: Fri, 13 Apr 2018 17:55:16 +0000

Summary: SVN E170001: Authentication error with specific user/realm/pw combinations while many other work!

Observations/Workarounds

While there is a work around, by simply changing the password, we have an unusual reoccurring issue with some user/realm/password combinations. It's a problem

setting the same password to many repos.

The issue shows up under both CRAM-MD5 and DIGEST-MD5, but not for the same user/realm/password.

From and SVN perspective:

How do I get svn/svnserve to log the hashed response so I can compare it outside of SASL and MYSQL.

I suspect our method to generate the hashed CRAM-MD5 and DIGEST-MD5 that we store in mysql has a bug, what is a good place to locate source for this program.

Use Case is a simple svn task: $svn list svn://SVN.HOST.DOMAIN:12000

Server Config

               svnserver configured via sasl mechanism CRAM-MD5 and/or Digest-MD5 -

               Hashed passwd stored in mysqlDB

               separate realm for each repo

Assumptions:

               Since it works most of the time, configurations are correct.

Issue: Some password combinations return svn: E170001: Authentication error from server: SASL(-13): authentication failure: incorrect digest response

User/process quick check: when we suspect an issue we compare the generated hash with DB stored hash to rule out, process, user and DB issue.

               gen_hash - user realm passwd using sasl_passwd binary

               query_hash - query user realm from MYSQL DB

               inspect HEX gen_hash ~ HEX query_hash

if hash matches, we expect $svn list user passwd svn://SVN.HOST.DOMAIN:12000 to be successful.

Summary Sample tests updating mysqlDB and running svn list using a different password

                              Works- Capmpwds2018

                              Works- apmpwds2018

                              Fails- capmpwds2018

                              Works- cApmpwds2018

Test SCRIPT

ksh ./add_user.sh:prod m80154 Capmpwds2018 capmbat2 update

               The DB agrees with user/pw/realm

                              DB cmusaslsecretCRAM-MD5 6FE5A5552D2F13F7BDBF6FB2AE9B1A125313C2BA79479D153877B95CFA9DFC29

                              Commandline CRAM USER:HEX/UN 6FE5A5552D2F13F7BDBF6FB2AE9B1A125313C2BA79479D153877B95CFA9DFC29

                              Success m80154 - /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache --username m80154 --password Capmpwds2018 list svn://SVN.HOST.DOMAIN:12000

$ksh ./add_user.sh:prod m80154 apmpwds2018 capmbat2 update

               The DB agrees with user/pw/realm

                              DB cmusaslsecretCRAM-MD5 6A2912411C7616DECF97A2B7582ADEF4855C3B4E4373046832D242AEC4AC08E2

                              Commandline CRAM USER:HEX/UN 6A2912411C7616DECF97A2B7582ADEF4855C3B4E4373046832D242AEC4AC08E2

               Success m80154 - /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache --username m80154 --password apmpwds2018 list svn://SVN.HOST.DOMAIN:12000

ksh ./add_user.sh:prod m80154 capmpwds2018 capmbat2 update

               The DB agrees with user/pw/realm

                              DB cmusaslsecretCRAM-MD5 59B803D644BC84CF91230A8FFEA371A3421AE83003009232483A3FEF5B90BE6A

                              Commandline CRAM USER:HEX/UN 59B803D644BC84CF91230A8FFEA371A3421AE83003009232483A3FEF5B90BE6A

               Failed m80154 /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache --username m80154 --password capmpwds2018 list svn://SVN.HOST.DOMAIN:12000

                              svn: E170013: Unable to connect to a repository at URL 'svn://SVN.HOST.DOMAIN:12000'

                              svn: E170001: Authentication error from server: SASL(-13): authentication failure: incorrect digest response

$ksh ./add_user.sh:prod m80154 cApmpwds2018 capmbat2 update

The DB agrees with user/pw/realm

               DB cmusaslsecretCRAM-MD5 9328603F62A27B23C3A01149D8CA97BB5885F9163C9498918FDD2223439EED26

               Commandline CRAM USER:HEX/UN 9328603F62A27B23C3A01149D8CA97BB5885F9163C9498918FDD2223439EED26

Success m80154 - /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache --username m80154 --password cApmpwds2018 list svn://SVN.HOST.DOMAIN:12000

-
Received on 2018-04-13 19:55:37 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.