You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by dan <da...@gmail.com> on 2008/10/29 17:49:03 UTC
1.5 clients can't authenticate to 1.4.6 Server
We've been using Subversion for a while now in our lab with the following setup:
The server is an Ubuntu Hardy machine with the standard Subversion
1.4.6 installed, which is accessed through apache. We are using
digest authentication.
Here is the relevant portion of our apache.conf file:
<Location /subversion >
Order allow,deny
Allow from all
DAV svn
SVNParentPath /home/subversion
AuthzSVNAccessFile /home/subversion/svn.auth
AuthType Digest
AuthName "Subversion"
AuthDigestProvider file
AuthUserFile /home/webauth/webauth.password
AuthDigestDomain /webauth
Require valid-user
</Location>
Recently, people have been updating to 1.5 clients, and we are finding
that they can no longer authenticate in order to commit. Is this a
known problem? Do we need to update the configuration in some way?
Thanks in advance for any help.
--dan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: 1.5 clients can't authenticate to 1.4.6 Server
Posted by Joe Orton <jo...@redhat.com>.
On Wed, Oct 29, 2008 at 11:49:03AM -0600, dan wrote:
> Here is the relevant portion of our apache.conf file:
>
> <Location /subversion >
> Order allow,deny
> Allow from all
> DAV svn
> SVNParentPath /home/subversion
>
> AuthzSVNAccessFile /home/subversion/svn.auth
> AuthType Digest
> AuthName "Subversion"
> AuthDigestProvider file
> AuthUserFile /home/webauth/webauth.password
> AuthDigestDomain /webauth
The AuthDigestDomain configuration is incorrect, it specifies a
protection domain which excludes the location you are trying to protect.
Remove the directive, or use, e.g.
AuthDigestDomain /subversion
See the docs for more details:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#AuthDigestDomain
(versions of neon older than 0.28.0 did not validate the domain
parameter sent to the client, but new ones do)
Regards, Joe
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: 1.5 clients can't authenticate to 1.4.6 Server
Posted by John Niven <jn...@bravurasolutions.com>.
> -----Original Message-----
> From: dan [mailto:danwalkeriv@gmail.com]
> Sent: Thursday, 30 October 2008 06:49
> To: users@subversion.tigris.org
> Subject: 1.5 clients can't authenticate to 1.4.6 Server
>
> We've been using Subversion for a while now in our lab with
> the following setup:
>
> The server is an Ubuntu Hardy machine with the standard Subversion
> 1.4.6 installed, which is accessed through apache. We are
> using digest authentication.
>
> Here is the relevant portion of our apache.conf file:
>
> <Location /subversion >
> Order allow,deny
> Allow from all
> DAV svn
> SVNParentPath /home/subversion
>
> AuthzSVNAccessFile /home/subversion/svn.auth
> AuthType Digest
> AuthName "Subversion"
> AuthDigestProvider file
> AuthUserFile /home/webauth/webauth.password
> AuthDigestDomain /webauth
> Require valid-user
> </Location>
>
> Recently, people have been updating to 1.5 clients, and we
> are finding that they can no longer authenticate in order to
> commit. Is this a known problem? Do we need to update the
> configuration in some way?
Slighty different configuration (1.3 vs. 1.4, and mod_auth_sspi vs. digest auth) but I used a 1.5 client against a 1.3 repository and could authenticate without any problems. In what way are your users unable to authenticate? What error message are they getting?
Cheers
John
>
> Thanks in advance for any help.
>
> --dan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: 1.5 clients can't authenticate to 1.4.6 Server
Posted by dan <da...@gmail.com>.
I read that about the compatibility of 1.x clients and servers, which
is just another reason why this issue has been so confusing. This is
what a typical transaction looks like where the authentication fails.
The user is prompted to enter his/her password, even though their
credentials are stored and this wasn't necessary in the past. After
three attempts, the authorization failed message is displayed.
$ svn update
Authentication realm: <http://hostname.com:80> Subversion
Password for 'username': *********
Authentication realm: <http://hostname.com:80> Subversion
Username: username
Password for 'username': *********
Authentication realm: <http://hostname.com:80> Subversion
Username: username
Password for 'username': *********
svn: OPTIONS of 'http://hostname.com/subversion/repo': authorization
failed (http://hostname.com)
Thanks again for the help.
--dan
On Wed, Oct 29, 2008 at 6:48 PM, Ryan Schmidt
<su...@ryandesign.com> wrote:
>
> On Oct 29, 2008, at 12:49, dan wrote:
>
>> We've been using Subversion for a while now in our lab with the following
>> setup:
>>
>> The server is an Ubuntu Hardy machine with the standard Subversion
>> 1.4.6 installed, which is accessed through apache. We are using
>> digest authentication.
>>
>> Here is the relevant portion of our apache.conf file:
>>
>> <Location /subversion >
>> Order allow,deny
>> Allow from all
>> DAV svn
>> SVNParentPath /home/subversion
>>
>> AuthzSVNAccessFile /home/subversion/svn.auth
>> AuthType Digest
>> AuthName "Subversion"
>> AuthDigestProvider file
>> AuthUserFile /home/webauth/webauth.password
>> AuthDigestDomain /webauth
>> Require valid-user
>> </Location>
>>
>> Recently, people have been updating to 1.5 clients, and we are finding
>> that they can no longer authenticate in order to commit. Is this a
>> known problem? Do we need to update the configuration in some way?
>
> According to the release notes, and general Subversion policy, any 1.x
> client should be able to connect to any 1.x server. What error message are
> your clients encountering?
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: 1.5 clients can't authenticate to 1.4.6 Server
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Oct 29, 2008, at 12:49, dan wrote:
> We've been using Subversion for a while now in our lab with the
> following setup:
>
> The server is an Ubuntu Hardy machine with the standard Subversion
> 1.4.6 installed, which is accessed through apache. We are using
> digest authentication.
>
> Here is the relevant portion of our apache.conf file:
>
> <Location /subversion >
> Order allow,deny
> Allow from all
> DAV svn
> SVNParentPath /home/subversion
>
> AuthzSVNAccessFile /home/subversion/svn.auth
> AuthType Digest
> AuthName "Subversion"
> AuthDigestProvider file
> AuthUserFile /home/webauth/webauth.password
> AuthDigestDomain /webauth
> Require valid-user
> </Location>
>
> Recently, people have been updating to 1.5 clients, and we are finding
> that they can no longer authenticate in order to commit. Is this a
> known problem? Do we need to update the configuration in some way?
According to the release notes, and general Subversion policy, any
1.x client should be able to connect to any 1.x server. What error
message are your clients encountering?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org