<br><div id="yMail_cursorElementTracker_0.11758888885378838"><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;">That’s interesting. I never considered that this may be a negotiation failure between the svn client and server. It would explain why saslauthd doesn’t log anything.</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;">I don’t know if SVN supports “PLAIN” explicitly, but according to the documentation at</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><a rel="nofollow" target="_blank" href="http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html" style="overflow-wrap: break-word; word-break: break-word;"><font color="blue" style="overflow-wrap: break-word; word-break: initial;"><u style="overflow-wrap: break-word; word-break: initial;">http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html</u></font></a> it seems to be that it would rely entirely upon what SASL is compiled with. And I do have PLAIN compiled (libplain.so…. exists).</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;">The only thing I see as relevant on the svn side is:</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; text-indent: 36pt;">“<font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">SASL is also able to perform data encryption if</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; padding-left: 36pt;"><font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">a particular mechanism supports it. […] To enable or</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; padding-left: 36pt;"><font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">disable different levels of encryption, you can set two</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; padding-left: 36pt;"><font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">values […]The <font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 10pt;">min-encryptio</span></font><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 10pt;">n</span></font> and <font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 10pt;">max-encryptio</span></font><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 10pt;">n</span></font> variables</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; padding-left: 36pt;"><font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">control the level of encryption demanded by the server. To</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px; padding-left: 36pt;"><font size="4" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 13.5pt;">disable encryption completely, set both values to 0. <font size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 11pt;">”</span></font></span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;">So I  tried:</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">[sasl]</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">use-sasl = true</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">min-encryption = 0</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">max-encryption = 0</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;">And:</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">[sasl]</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">use-sasl = true</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">min-encryption = 0</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"><font face="Courier New" size="2" style="overflow-wrap: break-word;"><span style="overflow-wrap: break-word; font-size: 9pt;">max-encryption = 256</span></font></div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;"> </div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;" id="yMail_cursorElementTracker_0.2768938646186143">The results were exactly the same…</div><div style="overflow-wrap: break-word; font-family: Calibri; font-size: 14.6667px;" id="yMail_cursorElementTracker_0.2768938646186143"><br></div></div> <blockquote style="margin: 0 0 20px 0;"> <header style="font-family:Roboto, sans-serif; color:#6D00F6;"> <div>On Mon, 11 Jan, 2016 at 15:34, Dan White</div><div><dwhite@cafedemocracy.org> wrote:</div> </header> <div style="padding: 10px 0 0 20px; margin: 10px 0 0 0; border-left: 1px solid #6D00F6;"> <div id="msgSandbox_ANVVfbwAAB9YVpPLrwSfmJB9ioM_TEXT" class="msgSandbox" style="padding: 1.5em 0.5em 0.5em 1.2em; word-wrap: break-word;">On 01/11/16 09:57 +0000, akarypid--- via Cyrus-sasl wrote:<br clear="none">>NOTE: I am using Cyrus SASL 2.1.26 (self-compiled).<br clear="none"><br clear="none">>1) saslauthd<br clear="none"><br clear="none">>$ testsaslauthd -f /tmp/mysasl/mux -u ldapuser -p secret<br clear="none">>0: OK "Success."<br clear="none"><br clear="none">>Now, I am a bit confused as to the SERVER (in my case subversion) <br clear="none">>application talking to saslauthd. For subversion (based on what I've <br clear="none">>read) I created an "/usr/local/etc/svn.conf" as:<br clear="none"><br clear="none">>pwcheck_method: saslauthd<br clear="none">>saslauthd_path: /tmp/mysasl/mux<br clear="none">>mech_list: PLAIN<br clear="none">><br clear="none">>The problem is that when I run my client, I see this:<br clear="none">><br clear="none">>$ svn co svn://localhost:2008/trunk<br clear="none">>svn: E170001: SASL(-4): no mechanism available: Internal Error -4 in <br clear="none">>../../lib/server.c near line 1757<br clear="none"><br clear="none">Can you manually select your mechanism with svn? Does svn require network<br clear="none">protection to use PLAIN?<div class="yQTDBase yqt7834974477" id="yqtfd44766"><br clear="none"><br clear="none">>I'm not sure why svnserve doesn't like my config. I'm pretty sure it's <br clear="none">>picked up, because I used strace to run svnserve, (I thought I may be <br clear="none">>editing the wrong config file) and:<br clear="none">><br clear="none">>$ strace svnserve --listen-port 2008 -r /tmp/testrepo<br clear="none">>[...]<br clear="none">>open("/usr/local/etc/svn.conf", O_RDONLY) = 3<br clear="none">>[...]<br clear="none">><br clear="none">>So I'm pretty sure svnserve knows that it's supposed to use saslauthd, <br clear="none">>but it seems like it  doesn't even *try* to talk to it: I ran saslauthd <br clear="none">>with "-d" to see what happens and nothing is logged!<br clear="none">><br clear="none">>When I test with testlsaslauthd I see stuff like:<br clear="none">><br clear="none">>[...some local cache lookup...]<br clear="none">>saslauthd[2514] :do_auth        : auth success: [user=ldapuser] <br clear="none">>[service=myservice] [realm=myrealm] [mech=ldap]<br clear="none">>saslauthd[2514] :do_request      : response: OK</div><br clear="none"><br clear="none">Check permissions on /tmp/mysasl/mux<br clear="none"><br clear="none">-- <br clear="none">Dan White<div class="yQTDBase yqt7834974477" id="yqtfd58179"><br clear="none"></div></div> </div> </blockquote>