You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Vivek Khera <kh...@kcilink.com> on 2004/03/09 17:14:57 UTC

unable to authenticate to svnserve -- no challenge issued

I've searched the list archives about this, but did not find anything 
relating to this problem when running svnserve on an internal server to 
support a few developers.  From what I see out of the ethernet traces, 
no challenge is ever issued by the server for getting the user 
identity.

Subversion is installed via the FreeBSD port on FreeBSD 4.9.

I've set up svnserve as per the book chapter.  I run it with this 
command:

su svn -c "svnserve -r /home/svn/repos --foreground -d"

the svnserv.conf file is this:

--cut here--
[general]
auth-access = write
anon-access = none

[users]
password-db = passwd
realm = Khera Communications
--cut here--

and the passwd file is just this for testing purposes:

--cut here--
[users]
khera = khera
--cut here--

the passwd file is readble by the svn user and group.  The entire 
repository is owned by the svn user and is writable -- the cvs2svn 
import accessed it fine, and if I enable anon-access are read only in 
the conf file, I can check out the project.

when I try to check out an imported project, I get this error:

% svn co svn://yertle/testproject/trunk testproject
svn: No access allowed to this repository


Tracing the wire, I see these exchanges between the server and client:

 >> "( success ( 1 2 ( ANONYMOUS ) ( edit-pipeline ) ) ) "
<< "( 2 ( edit-pipeline ) 30:svn://yertle/testproject/trunk ) "
 >> "( failure ( ( 170001 36:No access allowed to this repository 
27:subversion/svnserve/serve.c 1029 ) ) ) "


isn't the server supposed to issue some sort of challenge to the client 
when it needs authenticated access?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD  +1-301-869-4449 x806
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: unable to authenticate to svnserve -- no challenge issued

Posted by Vivek Khera <kh...@kcilink.com>.

On Mar 9, 2004, at 12:17 PM, Ben Collins-Sussman wrote:

> On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:
>
>> [users]
>> password-db = passwd
>
> Hm, where is the 'passwd' file?  Does it help if you use an absolute
> path to the passwd file?

The passwd file is in the same directory as the conf file.  I just 
tried two variants: one with the full path /home/svn/repos/conf/passwd 
and one with the path relative to the -r option: /conf/passwd (thinking 
it may be chrooted).

Both resulted in the same exchange between client/server.

I did a ktrace on the server process, and I see it reads the conf file 
fine, but it doesn't seem to ever try to read the passwd file between 
the time it reads the conf file and when it issues the "no access 
allowed" error:


  63500 svnserve CALL  read(0xe,0x8068000,0x2000)
  63500 svnserve GIO   fd 14 read 171 bytes
        "### Visit http://subversion.tigris.org/ for more information.

         [general]
         auth-access = write
         anon-access = none

         [users]
         password-db = passwd
         realm = Khera Communications
        "
  63500 svnserve RET   read 171/0xab
  63500 svnserve CALL  read(0xe,0x8068000,0x2000)
  63500 svnserve GIO   fd 14 read 0 bytes
        ""
  63500 svnserve RET   read 0
  63500 svnserve CALL  close(0xe)
  63500 svnserve RET   close 0
  63500 svnserve CALL  write(0x4,0x805b030,0x67)
  63500 svnserve GIO   fd 4 wrote 103 bytes
        "( failure ( ( 170001 36:No access allowed to this repository 
27:subver\
         sion/svnserve/serve.c 1029 ) ) ) "
  63500 svnserve RET   write 103/0x67
  63500 svnserve CALL  close(0x4)


Is there some way to check if something is missing from my svnserve 
excutable that would make this fail?  I didn't see a debug option to be 
verbose to stderr or something like that.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: unable to authenticate to svnserve -- no challenge issued

Posted by Ben Collins-Sussman <su...@collab.net>.

On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:

> [users]
> password-db = passwd

Hm, where is the 'passwd' file?  Does it help if you use an absolute
path to the passwd file?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: unable to authenticate to svnserve -- no challenge issued

Posted by Gerco Ballintijn <ge...@cwi.nl>.

Hi,

Vivek Khera wrote:
> 
> On Mar 9, 2004, at 12:48 PM, Ben Collins-Sussman wrote:
> 
>> Aha, there's the problem.  :-)
>>
>> The 'password-db' needs to live in the [general] section.  So does
>> 'realm'.
>>
> 
> Ahhhh.  Now that I know this, I see how I misread the comments in the 
> sample conf file, particularly this part:
> 
> ### This option controls the location of the password database.  This
> ### path may be relative to the conf directory.  There is no default.
> ### The format of the password database is:
> ### [users]
> ### USERNAME = PASSWORD
> 
> I had uncommented the [users] line in the sample...
> 
> Anyhow, now that I change it to have just the [global] section in the 
> conf file, it does seem to authenticate me...
> 

I was bitten by this as well. Maybe the subtlety of one '#' vs three 
'#'-s is too subtle? Can the uncommented part about the passwd file not 
simply be put in a separate file? That is, let svnadmin create both a
boilerplate for svnserve.conf and for passwd?

Gerco.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: unable to authenticate to svnserve -- no challenge issued

Posted by Vivek Khera <kh...@kcilink.com>.

On Mar 9, 2004, at 12:48 PM, Ben Collins-Sussman wrote:

> Aha, there's the problem.  :-)
>
> The 'password-db' needs to live in the [general] section.  So does
> 'realm'.
>

Ahhhh.  Now that I know this, I see how I misread the comments in the 
sample conf file, particularly this part:

### This option controls the location of the password database.  This
### path may be relative to the conf directory.  There is no default.
### The format of the password database is:
### [users]
### USERNAME = PASSWORD

I had uncommented the [users] line in the sample...

Anyhow, now that I change it to have just the [global] section in the 
conf file, it does seem to authenticate me...

Thanks!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: unable to authenticate to svnserve -- no challenge issued

Posted by Ben Collins-Sussman <su...@collab.net>.

On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:

> --cut here--
> [general]
> auth-access = write
> anon-access = none
> 
> [users]
> password-db = passwd
> realm = Khera Communications

Aha, there's the problem.  :-)

The 'password-db' needs to live in the [general] section.  So does
'realm'.

The [users] section only exists in the 'passwd' file.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org