subversion svn/svnserve SASL with GSSAPI auth not working (for me)

Phil Pennock cyrus-sasl-phil at spodhuis.org
Mon Sep 3 23:48:51 EDT 2012


On 2012-09-02 at 18:26 -0400, Curtis Villamizar wrote:
> Perhaps someone on this list has a clue as to why I'm seeing this
> problem.  Otherwise I'll edit the above code and send diffs that help
> isolate the problem.

I use svn with https URLs with Subversion, via mod_auth_kerb in Apache,
and it works fine; the biggest glitch was figuring out that the svn
client was explicitly disabling the auth method if the URL was http
instead of https.  If I recall correctly (it's been a few years),
libneon didn't support SASL token wrapping/unwrapping, so is only
willing to use GSSAPI if GSSAPI won't negotiate any protection layers of
its own.  I've no idea (haven't looked) to see if that applies at all to
the more recent "native" approach.

That's not to say that getting "native" svn+gssapi going is a bad idea
or anything; I'm just noting that there's a way out of the current
situation if you just want "something that works".

-Phil


More information about the Cyrus-sasl mailing list