Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-4406

Unable to connect to repository - http auth kerberos

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Invalid
    • 1.8.x
    • ---
    • libsvn_ra_serf
    • None

    • Windows 7

    Description

      Since updating SVN from v1.7 to v1.8.1 I cannot access the repository any more.
Auth by webbrowser and old clients (1.7) is still working.
No errors logged in apache error log, even when LogLevel is set to debug!


--- SERVER ---
svnserve, version 1.6.17 (r1128011)
   compiled Jun 26 2013, 20:44:36

Copyright (C) 2000-2009 CollabNet.
Subversion is open source software, see http://subversion.apache.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

The following repository back-end (FS) modules are available:

* fs_base : Module for working with a Berkeley DB repository.
* fs_fs : Module for working with a plain file (FSFS) repository.

Cyrus SASL authentication is available.

--- CLIENT ---
svn, version 1.8.1 (r1503906)
   compiled Jul 22 2013, 19:58:17 on x86-microsoft-windows

Copyright (C) 2013 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/

The following repository access (RA) modules are available:

* ra_svn : Module for accessing a repository using the svn network protocol.
  - with Cyrus SASL authentication
  - handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
  - handles 'file' scheme
* ra_serf : Module for accessing a repository via WebDAV protocol using serf.
  - handles 'http' scheme
  - handles 'https' scheme


--- COMMAND & ERROR ---  
>svn update Updating '.':
svn: E120190: Unable to connect to a repository at URL
'http://svn.myCompany.de/MyProject/trunk'
svn: E120190: Error running context: An error occurred during authentication


--- APACHE ACCESS LOG (NO ERRORS LOGGED, DEBUG MODE) ---
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
Zlib: Compressed 496 to 333 : URL /MyProject/trunk
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1240): [client
192.168.0.39] Acquiring creds for HTTP/stromboli12
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1385): [client
192.168.0.39] Verifying client data using KRB5 GSS-API
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1401): [client
192.168.0.39] Client didn't delegate us their credential
[Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1420): [client
192.168.0.39] GSS-API token of length 181 bytes will be sent back
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(643): [client 192.168.0.39]
ldap authorize: Creating LDAP req structure
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(773): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: testing for group membership in
"CN=Alle,OU=Security Groups,OU=MyBusiness,DC=myCompany,DC=de"
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(779): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: testing for member:
CN=MyName,OU=Users,OU=MyBusiness,DC=myCompany,DC=de (CN=Alle,OU=Security
Groups,OU=MyBusiness,DC=myCompany,DC=de)
[Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(788): [client 192.168.0.39]
[10394] auth_ldap authorise: require group: authorisation successful (attribute
member) [Comparison true (adding to cache)][Compare True]
[Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
Zlib: Compressed 200 to 137 : URL /MyProject/trunk

----------------------

#
# Subversion Apache vHost
#
<VirtualHost *:80>
	ServerName svn.myCompany.de

	<Location />
		DAV svn
		SVNParentPath /var/svn

		AuthType Kerberos
		AuthName "Subversion - Use your system login"
		KrbAuthRealms MYCOMPANY.DE
		Krb5KeyTab /etc/krb5.keytab

		##
		# to check ldap-groups when using kerberos-auth
		##
		KrbServiceName HTTP/svn

		# If set to off this directive allow authentication controls to be pass on to
other modules
		KrbAuthoritative Off

		AuthBasicProvider ldap

		AuthLDAPURL
"ldap://ldap.myCompany.de/OU=Users,OU=MyBusiness,DC=myCompany,DC=de?userPrincipalName"
		AuthLDAPBindDN "cn=LDAP,ou=SBSUsers,ou=Users,OU=MyBusiness,dc=myCompany,dc=de"
		AuthLDAPBindPassword LdapPassWord

		Satisfy All
			
	</Location>
	
	
</VirtualHost>

      Original issue reported by ludwigc

      Attachments

        Activity

          People

            Unassigned Unassigned
            subversion-importer Subversion Importer
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: