Posted to users@subversion.apache.org by Frank Jaworski <fd...@gmail.com> on 2012/02/03 12:02:04 UTC
Subversion 1.7.2 - Repeated Authentication Attempts
Hello. We have our subversion repositories linked to a RADIUS server via
https. When we access our repository via various SVN clients (TortoiseSVN,
CollabNet, etc...), instead of one authentication per session, there is one
authentication per action. For example, simply selecting "repo-browser"
from TortoiseSVN leads to this:
Fri Jan 27 06:33:22 2012 : Auth: Login OK: [fdj2] (from client
osscvs2.cit port 0)
Fri Jan 27 06:33:23 2012 : Auth: Login OK: [fdj2] (from client
osscvs2.cit port 0)
Is there a setting wrong in my subversion.conf file, or is this just how
it works? When I log directly into the repository via web browser, there
is only one authentication.
Thanks!
Re: Subversion 1.7.2 - Repeated Authentication Attempts
Posted by Stefan Sperling <st...@elego.de>.
On Tue, Feb 07, 2012 at 03:32:02AM -0800, Frank Jaworski wrote:
> Hello,
>
> So, for example, I did an "export" using TortoiseSVN:
>
> Which led to this on our RADIUS server log:
>
> Tue Feb 7 06:28:24 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit
> port 0)
[snip]
> Tue Feb 7 06:28:25 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit
> port 0)
>
>
> This is with:
>
> KeepAlive On
> MaxKeepAliveRequests 0
> KeepAliveTimeout 60
>
> I still don't expect that many authentications.
I don't know how apache httpd is configured to talk to the radius
server. It seems like it doesn't keep any state for authenticated
users, but rather contacts the radius server on each request,
i.e. whenever it has to decide whether a user is allowed to access
a <Location> that maps to a Subversion repository.
So, yes, it does look like radius authentication kicks in per request,
rather than per TCP connection. But I don't know how it could be fixed.
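Added example, not part of the thread: one way to measure the per-request authentication described above is to group "Login OK" entries from the RADIUS log into bursts per user and client. The function name `find_bursts`, the thresholds `max_gap` and `min_count`, and the sample log (including the user `alice` and client `vpn1.example`) are assumptions constructed for illustration; the pattern also matches entries that a mail client has wrapped across two lines.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the RADIUS log lines quoted in this thread.
_OK = "Fri Jan 27 06:33:%02d 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit port 0)"
SAMPLE_LOG = "\n".join(
    [_OK % 22] * 3 + [_OK % 23] * 3
    # one entry wrapped by the mail client, as in the original post
    + ["Fri Jan 27 06:33:23 2012 : Auth: Login OK: [fdj2] (from client\nosscvs2.cit port 0)"]
    + ["Fri Jan 27 06:40:10 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit port 0)"]
    + ["Fri Jan 27 06:40:11 2012 : Auth: Login OK: [alice] (from client vpn1.example port 7)"]
)

# \s+ between tokens lets an entry span a line break.
ENTRY = re.compile(
    r"(\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})\s+:\s+Auth:\s+Login OK:\s+"
    r"\[([^\]]+)\]\s+\(from\s+client\s+(\S+)\s+port\s+(\d+)\)"
)

def find_bursts(text, max_gap=timedelta(seconds=2), min_count=5):
    """Return (user, client, start, count) for runs of successful logins
    by the same user via the same RADIUS client with gaps <= max_gap."""
    events = {}
    for m in ENTRY.finditer(text):
        stamp = " ".join(m.group(1).split())  # collapse wrapped whitespace
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        events.setdefault((m.group(2), m.group(3)), []).append(ts)
    bursts = []
    for (user, client), stamps in events.items():
        stamps.sort()
        start, prev, count = stamps[0], stamps[0], 1
        for ts in stamps[1:]:
            if ts - prev <= max_gap:
                count += 1
            else:
                if count >= min_count:
                    bursts.append((user, client, start, count))
                start, count = ts, 1
            prev = ts
        if count >= min_count:  # flush the final run
            bursts.append((user, client, start, count))
    return sorted(bursts, key=lambda b: b[2])

if __name__ == "__main__":
    for user, client, start, count in find_bursts(SAMPLE_LOG):
        print(f"{start} {user} via {client}: {count} logins in one burst")
```

A burst count far above the number of operations the user performed is consistent with the web server authenticating every HTTP request against RADIUS instead of caching the result.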
Re: Subversion 1.7.2 - Repeated Authentication Attempts
Posted by Frank Jaworski <fd...@gmail.com>.
Hello,
So, for example, I did an "export" using TortoiseSVN:
Which led to this on our RADIUS server log:
Tue Feb 7 06:28:24 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit
port 0)
Tue Feb 7 06:28:25 2012 : Auth: Login OK: [fdj2] (from client osscvs2.cit
port 0)
This is with:
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 60
I still don't expect that many authentications.
Re: Subversion 1.7.2 - Repeated Authentication Attempts
Posted by Stefan Sperling <st...@elego.de>.
On Tue, Feb 07, 2012 at 08:52:24AM +0100, Ulrich Eckhardt wrote:
> On 03.02.2012 12:02, Frank Jaworski wrote:
> >Hello. We have our subversion repositories linked to a RADIUS server via
> >https. When we access our repository via various SVN clients (TortoiseSVN,
> >CollabNet, etc...), instead of one authentication per session, there is one
> >authentication per action.
>
> According to what I remember from a recent thread here (couldn't
> locate it any more, sorry, but it was ~2..3 weeks ago), this is
> normal behaviour. What you perceive as a "session" just isn't, since
> each operation makes one HTTP request on a separate TCP connection
> and thus requires separate authentication.
Not sure what Frank means when he says "action".
If one action is an update, a commit, and so on, then yes, this is how
Subversion normally works. However it is possible to configure single
sign-on with Apache modules such as mod_auth_kerb which makes
authentication mostly transparent to users.
If you are being asked to authenticate multiple times during the
same operation (such as during one "update"), enabling KeepAlive
and setting a high KeepAliveTimeout in the apache httpd config should
help. This option allows Subversion clients to issue multiple requests
over a single TCP connection. httpd.apache.org/docs/current/mod/core.html#kee
Re: Subversion 1.7.2 - Repeated Authentication Attempts
Posted by Ulrich Eckhardt <ul...@dominolaser.com>.
On 03.02.2012 12:02, Frank Jaworski wrote:
> Hello. We have our subversion repositories linked to a RADIUS server via
> https. When we access our repository via various SVN clients (TortoiseSVN,
> CollabNet, etc...), instead of one authentication per session, there is one
> authentication per action.
According to what I remember from a recent thread here (couldn't locate
it any more, sorry, but it was ~2..3 weeks ago), this is normal
behaviour. What you perceive as a "session" just isn't, since each
operation makes one HTTP request on a separate TCP connection and thus
requires separate authentication.
BTW: I saw you posting to subversion_users at googlegroups. There is a
mailing list which I would suggest instead. Also, asking "Does anyone
have any input" without quoting any context will cost you a large
fraction of the readers, since many people use sub-standard mail clients
that don't support threading of messages.
Good luck!
Uli
Re: Subversion 1.7.2 - Repeated Authentication Attempts
Posted by Frank Jaworski <fd...@gmail.com>.
Does anyone have any input?