[prev in list] [next in list] [prev in thread] [next in thread]
List: subversion-issues
Subject: [Issue 4406] New - Unable to connect to repository - http auth kerberos
From: ludwigc () tigris ! org
Date: 2013-08-06 14:13:07
Message-ID: iz4406 () subversion ! tigris ! org
[Download RAW message or body]
http://subversion.tigris.org/issues/show_bug.cgi?id=4406
Issue #|4406
Summary|Unable to connect to repository - http auth kerberos
Component|subversion
Version|1.8.x
Platform|All
URL|
OS/Version|Windows 7
Status|NEW
Status whiteboard|
Keywords|
Resolution|
Issue type|DEFECT
Priority|P2
Subcomponent|libsvn_ra_serf
Assigned to|issues@subversion
Reported by|ludwigc
------- Additional comments from ludwigc@tigris.org Tue Aug 6 07:13:06 -0700 2013 -------
Since updating SVN from v1.7 to v1.8.1 I cannot access the repository any more.
Auth by webbrowser and old clients (1.7) is still working.
No errors logged in apache error log, even when LogLevel is set to debug!
--- SERVER ---
svnserve, version 1.6.17 (r1128011)
compiled Jun 26 2013, 20:44:36
Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.apache.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository back-end (FS) modules are available:
* fs_base : Module for working with a Berkeley DB repository.
* fs_fs : Module for working with a plain file (FSFS) repository.
Cyrus SASL authentication is available.
--- CLIENT ---
svn, version 1.8.1 (r1503906)
compiled Jul 22 2013, 19:58:17 on x86-microsoft-windows
Copyright (C) 2013 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/
The following repository access (RA) modules are available:
* ra_svn : Module for accessing a repository using the svn network protocol.
- with Cyrus SASL authentication
- handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
- handles 'file' scheme
* ra_serf : Module for accessing a repository via WebDAV protocol using serf.
- handles 'http' scheme
- handles 'https' scheme
--- COMMAND & ERROR ---
>svn update Updating '.':
svn: E120190: Unable to connect to a repository at URL
'http://svn.myCompany.de/MyProject/trunk'
svn: E120190: Error running context: An error occurred during authentication
--- APACHE ACCESS LOG (NO ERRORS LOGGED, DEBUG MODE) ---
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
Zlib: Compressed 496 to 333 : URL /MyProject/trunk
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1240): [client
192.168.0.39] Acquiring creds for HTTP/stromboli12
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1385): [client
192.168.0.39] Verifying client data using KRB5 GSS-API
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1401): [client
192.168.0.39] Client didn't delegate us their credential
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1420): [client
192.168.0.39] GSS-API token of length 181 bytes will be sent back
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(643): [client 192.168.0.39]
ldap authorize: Creating LDAP req structure
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(773): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: testing for group membership in
"CN=Alle,OU=Security Groups,OU=MyBusiness,DC=myCompany,DC=de"
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(779): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: testing for member:
CN=MyName,OU=Users,OU=MyBusiness,DC=myCompany,DC=de (CN=Alle,OU=Security
Groups,OU=MyBusiness,DC=myCompany,DC=de)
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(788): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: authorisation successful (attribute
member) [Comparison true (adding to cache)][Compare True]
[Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
Zlib: Compressed 200 to 137 : URL /MyProject/trunk
----------------------
#
# Subversion Apache vHost
#
<VirtualHost *:80>
ServerName svn.myCompany.de
<Location />
DAV svn
SVNParentPath /var/svn
AuthType Kerberos
AuthName "Subversion - Use your system login"
KrbAuthRealms MYCOMPANY.DE
Krb5KeyTab /etc/krb5.keytab
##
# to check ldap-groups when using kerberos-auth
##
KrbServiceName HTTP/svn
# If set to off this directive allow authentication controls to be pass on to
other modules
KrbAuthoritative Off
AuthBasicProvider ldap
AuthLDAPURL
"ldap://ldap.myCompany.de/OU=Users,OU=MyBusiness,DC=myCompany,DC=de?userPrincipalName"
AuthLDAPBindDN "cn=LDAP,ou=SBSUsers,ou=Users,OU=MyBusiness,dc=myCompany,dc=de"
AuthLDAPBindPassword LdapPassWord
Satisfy All
</Location>
</VirtualHost>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=463&dsMessageId=3062135
To unsubscribe from this discussion, e-mail: [issues-unsubscribe@subversion.tigris.org].
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic