You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Ray Miller <ra...@sysdev.oucs.ox.ac.uk> on 2005/10/30 13:16:29 UTC
Support for HTTP Negotiate authentication
I have been looking into support for HTTP Negotiate authentication for
WebDAV access to Subversion repositories. In theory, this should be
fairly straightforward, as mod_auth_kerb
<http://modauthkerb.sourceforge.net/> takes care of the Apache side of
things and neon supports the Negotiate authentication method.
Unfortunately, initial tests indicate that this is not working properly
in neon 0.24.7; setting neon-debug-mask = 8 reveals:
ah_create, for WWW-Authenticate
Not handling session.
ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate
Got challenge with code 401.
Got new auth challenge: Negotiate
New challenge for scheme [Negotiate]
GSSAPI scheme.
Finished parsing parameters.
Looking for GSSAPI.
gss_init_sec_context failed.
A standalone test with neon 0.24.7 exhibits the same problem but works
with neon 0.25.4.
Are there any plans to update Subversion to the neon 0.25 API? Has
someone already done this, or would you welcome a patch against
libsvn_ra_dav?
This issue might be related:
<http://subversion.tigris.org/issues/show_bug.cgi?id=1844>. It implies
that Serge Gotvansky has built subversion against neon 0.25.2:
<http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=102592>;
is that patch available?
--
Ray Miller, Systems Development & Support Section Manager
Computing Services, University of Oxford
Re: Support for HTTP Negotiate authentication
Posted by David James <ja...@gmail.com>.
On 10/30/05, Ray Miller <ra...@sysdev.oucs.ox.ac.uk> wrote:
> A standalone test with neon 0.24.7 exhibits the same problem but works
> with neon 0.25.4.
>
> Are there any plans to update Subversion to the neon 0.25 API? Has
> someone already done this, or would you welcome a patch against
> libsvn_ra_dav?
>
> This issue might be related:
> <http://subversion.tigris.org/issues/show_bug.cgi?id=1844>. It implies
> that Serge Gotvansky has built subversion against neon 0.25.2:
> <http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=102592>;
> is that patch available?
Subversion 1.3.0rc2 works great with Neon 0.25.4. In fact,
subversion-1.3.0-rc2.tar.bz2 ships with Neon 0.25.4. Get it at:
http://lolut.utbm.info/pub/subversion-1.3.0/rc2/
Let me know if you run into any issues.
Cheers,
David
--
David James -- http://www.cs.toronto.edu/~james
Re: Support for HTTP Negotiate authentication
Posted by Ben Collins-Sussman <su...@red-bean.com>.
On 10/30/05, Ray Miller <ra...@sysdev.oucs.ox.ac.uk> wrote:
> Are there any plans to update Subversion to the neon 0.25 API?
Yes, svn 1.3 works against neon 0.25. You can grab the rc2 tarball to
test, or just build svn's trunk.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Support for HTTP Negotiate authentication
Posted by Ray Miller <ra...@sysdev.oucs.ox.ac.uk>.
On Sun, 2005-10-30 at 10:52 -0500, Greg Hudson wrote:
> If, for some reason, you need svn 1.2.x to do the right thing and are
> willing to patch Neon, there's a one-line fix for this bug in neon
> 0.24.7. See:
>
> http://mailman.webdav.org/pipermail/neon/2004-November/001768.html
Thanks Greg. I can confirm that, with this patch against neon,
everything works as expected and I now have a svn 1.2 client talking to
an apache2/mod_dav_svn/mod_auth_kerb server.
Thanks also to Ben and David for pointing out that svn 1.3 will build
against neon 0.25 - that's next on my list of things to try.
--
Ray Miller, Systems Development & Support Section Manager
Computing Services, University of Oxford
Re: Support for HTTP Negotiate authentication
Posted by Greg Hudson <gh...@MIT.EDU>.
On Sun, 2005-10-30 at 13:16 +0000, Ray Miller wrote:
> A standalone test with neon 0.24.7 exhibits the same problem but works
> with neon 0.25.4.
If, for some reason, you need svn 1.2.x to do the right thing and are
willing to patch Neon, there's a one-line fix for this bug in neon
0.24.7. See:
http://mailman.webdav.org/pipermail/neon/2004-November/001768.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org