You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Vivek Khera <kh...@kcilink.com> on 2004/03/09 17:14:57 UTC
unable to authenticate to svnserve -- no challenge issued
I've searched the list archives about this, but did not find anything
relating to this problem when running svnserve on an internal server to
support a few developers. From what I see out of the ethernet traces,
no challenge is ever issued by the server for getting the user
identity.
Subversion is installed via the FreeBSD port on FreeBSD 4.9.
I've set up svnserve as per the book chapter. I run it with this
command:
su svn -c "svnserve -r /home/svn/repos --foreground -d"
the svnserv.conf file is this:
--cut here--
[general]
auth-access = write
anon-access = none
[users]
password-db = passwd
realm = Khera Communications
--cut here--
and the passwd file is just this for testing purposes:
--cut here--
[users]
khera = khera
--cut here--
the passwd file is readble by the svn user and group. The entire
repository is owned by the svn user and is writable -- the cvs2svn
import accessed it fine, and if I enable anon-access are read only in
the conf file, I can check out the project.
when I try to check out an imported project, I get this error:
% svn co svn://yertle/testproject/trunk testproject
svn: No access allowed to this repository
Tracing the wire, I see these exchanges between the server and client:
>> "( success ( 1 2 ( ANONYMOUS ) ( edit-pipeline ) ) ) "
<< "( 2 ( edit-pipeline ) 30:svn://yertle/testproject/trunk ) "
>> "( failure ( ( 170001 36:No access allowed to this repository
27:subversion/svnserve/serve.c 1029 ) ) ) "
isn't the server supposed to issue some sort of challenge to the client
when it needs authenticated access?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-301-869-4449 x806
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: unable to authenticate to svnserve -- no challenge issued
Posted by Vivek Khera <kh...@kcilink.com>.
On Mar 9, 2004, at 12:17 PM, Ben Collins-Sussman wrote:
> On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:
>
>> [users]
>> password-db = passwd
>
> Hm, where is the 'passwd' file? Does it help if you use an absolute
> path to the passwd file?
The passwd file is in the same directory as the conf file. I just
tried two variants: one with the full path /home/svn/repos/conf/passwd
and one with the path relative to the -r option: /conf/passwd (thinking
it may be chrooted).
Both resulted in the same exchange between client/server.
I did a ktrace on the server process, and I see it reads the conf file
fine, but it doesn't seem to ever try to read the passwd file between
the time it reads the conf file and when it issues the "no access
allowed" error:
63500 svnserve CALL read(0xe,0x8068000,0x2000)
63500 svnserve GIO fd 14 read 171 bytes
"### Visit http://subversion.tigris.org/ for more information.
[general]
auth-access = write
anon-access = none
[users]
password-db = passwd
realm = Khera Communications
"
63500 svnserve RET read 171/0xab
63500 svnserve CALL read(0xe,0x8068000,0x2000)
63500 svnserve GIO fd 14 read 0 bytes
""
63500 svnserve RET read 0
63500 svnserve CALL close(0xe)
63500 svnserve RET close 0
63500 svnserve CALL write(0x4,0x805b030,0x67)
63500 svnserve GIO fd 4 wrote 103 bytes
"( failure ( ( 170001 36:No access allowed to this repository
27:subver\
sion/svnserve/serve.c 1029 ) ) ) "
63500 svnserve RET write 103/0x67
63500 svnserve CALL close(0x4)
Is there some way to check if something is missing from my svnserve
excutable that would make this fail? I didn't see a debug option to be
verbose to stderr or something like that.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: unable to authenticate to svnserve -- no challenge issued
Posted by Ben Collins-Sussman <su...@collab.net>.
On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:
> [users]
> password-db = passwd
Hm, where is the 'passwd' file? Does it help if you use an absolute
path to the passwd file?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: unable to authenticate to svnserve -- no challenge issued
Posted by Gerco Ballintijn <ge...@cwi.nl>.
Hi,
Vivek Khera wrote:
>
> On Mar 9, 2004, at 12:48 PM, Ben Collins-Sussman wrote:
>
>> Aha, there's the problem. :-)
>>
>> The 'password-db' needs to live in the [general] section. So does
>> 'realm'.
>>
>
> Ahhhh. Now that I know this, I see how I misread the comments in the
> sample conf file, particularly this part:
>
> ### This option controls the location of the password database. This
> ### path may be relative to the conf directory. There is no default.
> ### The format of the password database is:
> ### [users]
> ### USERNAME = PASSWORD
>
> I had uncommented the [users] line in the sample...
>
> Anyhow, now that I change it to have just the [global] section in the
> conf file, it does seem to authenticate me...
>
I was bitten by this as well. Maybe the subtlety of one '#' vs three
'#'-s is too subtle? Can the uncommented part about the passwd file not
simply be put in a separate file? That is, let svnadmin create both a
boilerplate for svnserve.conf and for passwd?
Gerco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: unable to authenticate to svnserve -- no challenge issued
Posted by Vivek Khera <kh...@kcilink.com>.
On Mar 9, 2004, at 12:48 PM, Ben Collins-Sussman wrote:
> Aha, there's the problem. :-)
>
> The 'password-db' needs to live in the [general] section. So does
> 'realm'.
>
Ahhhh. Now that I know this, I see how I misread the comments in the
sample conf file, particularly this part:
### This option controls the location of the password database. This
### path may be relative to the conf directory. There is no default.
### The format of the password database is:
### [users]
### USERNAME = PASSWORD
I had uncommented the [users] line in the sample...
Anyhow, now that I change it to have just the [global] section in the
conf file, it does seem to authenticate me...
Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: unable to authenticate to svnserve -- no challenge issued
Posted by Ben Collins-Sussman <su...@collab.net>.
On Tue, 2004-03-09 at 11:14, Vivek Khera wrote:
> --cut here--
> [general]
> auth-access = write
> anon-access = none
>
> [users]
> password-db = passwd
> realm = Khera Communications
Aha, there's the problem. :-)
The 'password-db' needs to live in the [general] section. So does
'realm'.
The [users] section only exists in the 'passwd' file.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org