Re: [neon] Re: excessive data transfer with SSPI

[Joe Orton <jo...@manyfish.co.uk>]

On Thu, Jan 12, 2006 at 06:37:41PM +0100, steveking wrote:
> We've already got a couple of reports from users using the 1.3.0RC1/2 
> versions of TortoiseSVN that they can't connect to their repositories 
> anymore because of this. Some could make it work by disabling the guest 
> account, but some of them simply can't disable that account because they 
> need it.
> 
> Do you have an idea on how to solve this? Maybe a new option for 
> mod_auth_sspi to not authenticate as user "guest"? Or is a change in 
> neon required? Or in Subversion?
> 
> Maybe the whole SSPI auth feature could be made run-time configurable in 
> neon and not compile-time configurable?

Yes, allowing the application to select which auth protocols to enable 
is something that's on the TODO list.  (it is relatively simple to 
implement in neon, but requires some new interfaces; making it 
configurable in Subversion is probably more work)

Regards,

joe

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [neon] Re: excessive data transfer with SSPI

[Joe Orton <jo...@manyfish.co.uk>]

On Sat, Jan 21, 2006 at 07:07:21PM +0100, Stefan Küng wrote:
> Joe Orton wrote:
> >On Thu, Jan 12, 2006 at 06:37:41PM +0100, steveking wrote:
> >>Maybe the whole SSPI auth feature could be made run-time configurable in 
> >>neon and not compile-time configurable?
> >
> >Yes, allowing the application to select which auth protocols to enable 
> >is something that's on the TODO list.  (it is relatively simple to 
> >implement in neon, but requires some new interfaces; making it 
> >configurable in Subversion is probably more work)
> 
> I'd really appreciate it if you could implement those interfaces in neon 
> soon. Once that's done, I can try (or maybe someone else more familiar 
> with Subversion) to implement this in the Subversion lib.

This is done now on the trunk; the new interfaces are ne_add_*_auth, 
which can be used instead of ne_set_*_auth:

http://svn.webdav.org/repos/projects/neon/trunk/src/ne_auth.h

joe

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [neon] Re: excessive data transfer with SSPI

[Stefan Küng <to...@gmail.com>]

Joe Orton wrote:
> On Thu, Jan 12, 2006 at 06:37:41PM +0100, steveking wrote:
>> We've already got a couple of reports from users using the 1.3.0RC1/2 
>> versions of TortoiseSVN that they can't connect to their repositories 
>> anymore because of this. Some could make it work by disabling the guest 
>> account, but some of them simply can't disable that account because they 
>> need it.
>>
>> Do you have an idea on how to solve this? Maybe a new option for 
>> mod_auth_sspi to not authenticate as user "guest"? Or is a change in 
>> neon required? Or in Subversion?
>>
>> Maybe the whole SSPI auth feature could be made run-time configurable in 
>> neon and not compile-time configurable?
> 
> Yes, allowing the application to select which auth protocols to enable 
> is something that's on the TODO list.  (it is relatively simple to 
> implement in neon, but requires some new interfaces; making it 
> configurable in Subversion is probably more work)

I'd really appreciate it if you could implement those interfaces in neon 
soon. Once that's done, I can try (or maybe someone else more familiar 
with Subversion) to implement this in the Subversion lib.

Right now, I've disabled SSPI support in the 1.3.x versions of TSVN: 
it's better to not introduce new features which can prevent existing 
users to connect to their repository without any chance of working 
around it with an option/setting/whatever.
It's enabled on TSVN trunk however, so I can run tests and let others 
test it as well.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org