You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Rippit the Ogg Frog <ri...@oggfrog.com> on 2009/08/10 17:18:53 UTC

Can't authenticate with svnserve + SASL

Greetings, I just registered at Tigris.org.

I have set up an svnserve server with Cyrus-SASL digest-md5 authentication, but when I try to do an "svn co" I always get:

svn: Authentication error from server: SASL(-13): authentication failure: client response doesn't match what we generated

That sounds like it thinks I'm entering an incorrect password, but I'm quite certain I've got it right.  Just to make sure, I've reset my password on the server several times, including setting a very simple, easy-to-type password.

Before I set up this server, I set up svnserve+SASL on a local Linux box just to make sure I understood how it all would work, and I was able to authenticate just fine.

However, that was using Fedora 11, whereas my production server runs Slackware 8, and required that I build Subversion, Cyrus-SASL, the Apache Portable Runtime and APR-Utils from source.

I got the Subversion and Cyrus-SASL sources from Slackware 12 and backported the SlackBuild scripts to build Slack packages on Slackware 8.  I created Slack packages for APR and APR-Utils manually.

If there is a problem with the versions of things I could build my Slack packages with the latest sources.

Here are all the versions.  First my client:

Mac OS X 10.5.7 Intel
Subversion 1.5.4 (from Apple Xcode 3.1.2)

Server:

Slackware 8
Subversion 1.5.4
Cyrus-SASL 2.1.22
Apache Portable Runtime 1.3.8
APR-Util 1.3.9

Thanks for your help! -- Rippit

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2382136

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].

RE: Can't authenticate with svnserve + SASL

Posted by Rippit the Ogg Frog <ri...@oggfrog.com>.
I should have also included my config files...

$ grep -v \# svnserve.conf

[general]
anon-access = none
auth-access = write
realm = oggfrog

[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 128

... when I'm prompted for my password, the realm is correctly shown as "oggfrog".

$ cat /etc/sasl2/svn.conf 
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasl2/svn_passwd
mech_list: DIGEST-MD5

Does it matter whether DIGEST-MD5 is upper or lower case?

Here is the config command from the Cyrus-SASL SlackBuild scrip:

./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --disable-static \
  --enable-login \
  --disable-anon \
  --without-ldap \
  --with-saslauthd \
  --without-des \
  --with-gdbm \
  --with-dblib=gdbm

ls /usr/lib/sasl2/ | cat
libcrammd5.la*
libcrammd5.so@
libcrammd5.so.2@
libcrammd5.so.2.0.22*
libdigestmd5.la*
libdigestmd5.so@
libdigestmd5.so.2@
libdigestmd5.so.2.0.22*
liblogin.la*
liblogin.so@
liblogin.so.2@
liblogin.so.2.0.22*
libplain.la*
libplain.so@
libplain.so.2@
libplain.so.2.0.22*
libsasldb.la*
libsasldb.so@
libsasldb.so.2@
libsasldb.so.2.0.22*

... so SASL should support digest-md5.

Thanks again! -- Rippit

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2382169

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].