You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by techtonik <te...@gmail.com> on 2007/03/29 12:51:42 UTC
SSPI reauthentication during commit fails it
Hello,
Yet another problem with Subversion and NTLM / SSPI.
During commit after successful authentcation at the beginning and a
couple of requests afteerward server sends second request to
reauthenticate and at that point commit fails. In my case request for
reauthentication is sent after approximately 230 files 1.1Mb in total,
but it is possible to force reauthentication on every request with
"SSPIPerRequestAuth On" and then commit fails almost immediately.
I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
with one compiled against Neon 0.25.5 and the result is the same. I
attach log of HTTPS request with "SSPIPerRequestAuth On" using
standard SVN 1.4.3 client binary for windows.
Any workarounds this time?
--
--anatoly t.
Re: SSPI reauthentication during commit fails it
Posted by techtonik <te...@gmail.com>.
I am afraid it's not the case. My repository names are all lowercase
both on client and server side. And I also have authorization set only
for modification queries.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
In the log I attached previously it can be seen that SVN authenticates
only once and does it successfully, but subsequent requests to
reauthenticate from server make it fail.
On 3/29/07, Eric Lemes <er...@gmail.com> wrote:
>
> I have a similar problem, in a Windows 2003 SVN Server (1.4.0 Apache 2.0.x).
>
> If the repos has a name REPOS in the server, and you checkout it as
> http://server/svn/repos, the authorization works in the checkout/update but
> fails in commit.
>
> You need to relocate the working copy to http://server/svn/REPOS (I can do
> this in TortoiseSVN). Then the commit works.
>
>
> Eric
>
--
--anatoly t.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SSPI reauthentication during commit fails it
Posted by Eric Lemes <er...@gmail.com>.
On 3/29/07, techtonik <te...@gmail.com> wrote:
>
> Hello,
>
> Yet another problem with Subversion and NTLM / SSPI.
> During commit after successful authentcation at the beginning and a
> couple of requests afteerward server sends second request to
> reauthenticate and at that point commit fails. In my case request for
> reauthentication is sent after approximately 230 files 1.1Mb in total,
> but it is possible to force reauthentication on every request with
> "SSPIPerRequestAuth On" and then commit fails almost immediately.
>
> I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
> with one compiled against Neon 0.25.5 and the result is the same. I
> attach log of HTTPS request with "SSPIPerRequestAuth On" using
> standard SVN 1.4.3 client binary for windows.
Hello...
I have a similar problem, in a Windows 2003 SVN Server (1.4.0 Apache 2.0.x).
If the repos has a name REPOS in the server, and you checkout it as
http://server/svn/repos, the authorization works in the checkout/update but
fails in commit.
You need to relocate the working copy to http://server/svn/REPOS (I can do
this in TortoiseSVN). Then the commit works.
Eric
RE: SSPI reauthentication during commit fails it
Posted by Bert Huijben <be...@qqn.nl>.
Hi,
> -----Original Message-----
> From: techtonik [mailto:techtonik@gmail.com]
> Sent: vrijdag 6 april 2007 9:32
> Cc: users@subversion.tigris.org
> Subject: Re: SSPI reauthentication during commit fails it
>
> Tested with Neon 0.26.3 - the save problem - after 100 successful
> requests server proposes to authenticate again and commit fails.
>
> Debug log is attached.
The SSPI authentication works with keep-alive connections; after an initial successful authorization the connection stays authorized for multiple requests over the same connection. Apache by default limits the number of requests to 100 per connection. (The number you see)
The default configuration of apache is
MaxKeepAliveRequests 100
(See http://httpd.apache.org/docs/2.2/mod/core.html#maxkeepaliverequests)
So a workaround might be to set this number higher; but I think neon should transparently try to use a new connection without asking subversion to authenticate again.
Bert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: SSPI reauthentication during commit fails it
Posted by Bert Huijben <be...@qqn.nl>.
> When basic authorization is turned on there is no problem with Apache.
> Subversion client is not asked to authenticate again.
With a working SSPI authentication, subversion is never asked to authenticate. The Neon Http library does this for subversion for this type of authentication. Looking through the neon mailing list archive I found several references to this problem.
This mail from March 28 contains a patch which might resolve the problem:
http://mailman.webdav.org/pipermail/neon/2007-March/002421.html
(It doesn't look this patch has been committed to the neon repository yet)
Bert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SSPI reauthentication during commit fails it
Posted by techtonik <te...@gmail.com>.
On 4/6/07, Bert Huijben <be...@qqn.nl> wrote:
> > -----Original Message-----
> > From: techtonik [mailto:techtonik@gmail.com]
> >
> > Tested with Neon 0.26.3 - the save problem - after 100 successful
> > requests server proposes to authenticate again and commit fails.
> >
> > Debug log is attached.
>
> The SSPI authentication works with keep-alive connections; after an initial successful authorization the connection stays authorized for multiple requests over the same connection. Apache by default limits the number of requests to 100 per connection. (The number you see)
>
> The default configuration of apache is
> MaxKeepAliveRequests 100
> (See http://httpd.apache.org/docs/2.2/mod/core.html#maxkeepaliverequests)
>
> So a workaround might be to set this number higher; but I think neon should transparently try to use a new connection without asking subversion to authenticate again.
When basic authorization is turned on there is no problem with Apache.
Subversion client is not asked to authenticate again.
--
--anatoly t.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SSPI reauthentication during commit fails it
Posted by techtonik <te...@gmail.com>.
Tested with Neon 0.26.3 - the save problem - after 100 successful
requests server proposes to authenticate again and commit fails.
Debug log is attached.
On 4/5/07, techtonik <te...@gmail.com> wrote:
> To clarify the issue further I attach full SVN debug log that shows
> that failure happened after exactly 100 successful HTTPS requests
> when server asked to reauthenticate and there is no dependency or
> specific restrictions on requests..
>
> On 3/30/07, techtonik <te...@gmail.com> wrote:
> > It could be the same, although in my case authentication fails
> > immediately on second request if SSPIPerRequestAuth is On. Seems like
> > authentication is not dependent on time or amount of traffic, but on
> > the exact number of HTTP requests sent to server, because it
> > constantly fails at the same file. In my case server allows exactly
> > 100 requests without second reauthentication. Grep log with responses
> > is attached.
> >
> >
> > On 3/29/07, Samay <ge...@hotmail.com> wrote:
> > > Hi,
> > >
> > > similar to this http://svn.haxx.se/users/archive-2006-09/1336.shtml?
> > >
> > > regards
> > > S.
> > >
> > >
> > > ----- Original Message -----
> > > From: "techtonik" <te...@gmail.com>
> > > To: <us...@subversion.tigris.org>
> > > Sent: Thursday, March 29, 2007 10:51 PM
> > > Subject: SSPI reauthentication during commit fails it
> > >
> > > > Hello,
> > > >
> > > > Yet another problem with Subversion and NTLM / SSPI.
> > > > During commit after successful authentcation at the beginning and a
> > > > couple of requests afteerward server sends second request to
> > > > reauthenticate and at that point commit fails. In my case request for
> > > > reauthentication is sent after approximately 230 files 1.1Mb in total,
> > > > but it is possible to force reauthentication on every request with
> > > > "SSPIPerRequestAuth On" and then commit fails almost immediately.
> > > >
> > > > I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
> > > > with one compiled against Neon 0.25.5 and the result is the same. I
> > > > attach log of HTTPS request with "SSPIPerRequestAuth On" using
> > > > standard SVN 1.4.3 client binary for windows.
> > > >
> > > > Any workarounds this time?
> > > >
> > > > --
> > > > --anatoly t.
> > > >
> > >
> > >
> > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > > > For additional commands, e-mail: users-help@subversion.tigris.org
> > >
> >
> >
> > --
> > --anatoly t.
> >
> >
>
>
> --
> --anatoly t.
>
>
--
--anatoly t.
Re: SSPI reauthentication during commit fails it
Posted by techtonik <te...@gmail.com>.
To clarify the issue further I attach full SVN debug log that shows
that failure happened after exactly 100 successful HTTPS requests
when server asked to reauthenticate and there is no dependency or
specific restrictions on requests..
On 3/30/07, techtonik <te...@gmail.com> wrote:
> It could be the same, although in my case authentication fails
> immediately on second request if SSPIPerRequestAuth is On. Seems like
> authentication is not dependent on time or amount of traffic, but on
> the exact number of HTTP requests sent to server, because it
> constantly fails at the same file. In my case server allows exactly
> 100 requests without second reauthentication. Grep log with responses
> is attached.
>
>
> On 3/29/07, Samay <ge...@hotmail.com> wrote:
> > Hi,
> >
> > similar to this http://svn.haxx.se/users/archive-2006-09/1336.shtml?
> >
> > regards
> > S.
> >
> >
> > ----- Original Message -----
> > From: "techtonik" <te...@gmail.com>
> > To: <us...@subversion.tigris.org>
> > Sent: Thursday, March 29, 2007 10:51 PM
> > Subject: SSPI reauthentication during commit fails it
> >
> > > Hello,
> > >
> > > Yet another problem with Subversion and NTLM / SSPI.
> > > During commit after successful authentcation at the beginning and a
> > > couple of requests afteerward server sends second request to
> > > reauthenticate and at that point commit fails. In my case request for
> > > reauthentication is sent after approximately 230 files 1.1Mb in total,
> > > but it is possible to force reauthentication on every request with
> > > "SSPIPerRequestAuth On" and then commit fails almost immediately.
> > >
> > > I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
> > > with one compiled against Neon 0.25.5 and the result is the same. I
> > > attach log of HTTPS request with "SSPIPerRequestAuth On" using
> > > standard SVN 1.4.3 client binary for windows.
> > >
> > > Any workarounds this time?
> > >
> > > --
> > > --anatoly t.
> > >
> >
> >
> >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: users-help@subversion.tigris.org
> >
>
>
> --
> --anatoly t.
>
>
--
--anatoly t.
Re: SSPI reauthentication during commit fails it
Posted by techtonik <te...@gmail.com>.
It could be the same, although in my case authentication fails
immediately on second request if SSPIPerRequestAuth is On. Seems like
authentication is not dependent on time or amount of traffic, but on
the exact number of HTTP requests sent to server, because it
constantly fails at the same file. In my case server allows exactly
100 requests without second reauthentication. Grep log with responses
is attached.
On 3/29/07, Samay <ge...@hotmail.com> wrote:
> Hi,
>
> similar to this http://svn.haxx.se/users/archive-2006-09/1336.shtml?
>
> regards
> S.
>
>
> ----- Original Message -----
> From: "techtonik" <te...@gmail.com>
> To: <us...@subversion.tigris.org>
> Sent: Thursday, March 29, 2007 10:51 PM
> Subject: SSPI reauthentication during commit fails it
>
> > Hello,
> >
> > Yet another problem with Subversion and NTLM / SSPI.
> > During commit after successful authentcation at the beginning and a
> > couple of requests afteerward server sends second request to
> > reauthenticate and at that point commit fails. In my case request for
> > reauthentication is sent after approximately 230 files 1.1Mb in total,
> > but it is possible to force reauthentication on every request with
> > "SSPIPerRequestAuth On" and then commit fails almost immediately.
> >
> > I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
> > with one compiled against Neon 0.25.5 and the result is the same. I
> > attach log of HTTPS request with "SSPIPerRequestAuth On" using
> > standard SVN 1.4.3 client binary for windows.
> >
> > Any workarounds this time?
> >
> > --
> > --anatoly t.
> >
>
>
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
>
--
--anatoly t.
Re: SSPI reauthentication during commit fails it
Posted by Samay <ge...@hotmail.com>.
Hi,
similar to this http://svn.haxx.se/users/archive-2006-09/1336.shtml?
regards
S.
----- Original Message -----
From: "techtonik" <te...@gmail.com>
To: <us...@subversion.tigris.org>
Sent: Thursday, March 29, 2007 10:51 PM
Subject: SSPI reauthentication during commit fails it
> Hello,
>
> Yet another problem with Subversion and NTLM / SSPI.
> During commit after successful authentcation at the beginning and a
> couple of requests afteerward server sends second request to
> reauthenticate and at that point commit fails. In my case request for
> reauthentication is sent after approximately 230 files 1.1Mb in total,
> but it is possible to force reauthentication on every request with
> "SSPIPerRequestAuth On" and then commit fails almost immediately.
>
> I've tried to connect over HTTPS with standard SVN 1.4.3 binary and
> with one compiled against Neon 0.25.5 and the result is the same. I
> attach log of HTTPS request with "SSPIPerRequestAuth On" using
> standard SVN 1.4.3 client binary for windows.
>
> Any workarounds this time?
>
> --
> --anatoly t.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org