  1. Subversion
  2. SVN-4406

Unable to connect to repository - http auth kerberos


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Invalid
    • Affects Version/s: 1.8.x
    • Fix Version/s: ---
    • Component/s: libsvn_ra_serf
    • Labels:
      None
    • Environment:

      Windows 7

      Description

      Since updating SVN from v1.7 to v1.8.1 I cannot access the repository any more.
      Auth by web browser and old clients (1.7) is still working.
      No errors logged in apache error log, even when LogLevel is set to debug!
      
      
      --- SERVER ---
      svnserve, version 1.6.17 (r1128011)
         compiled Jun 26 2013, 20:44:36
      
      Copyright (C) 2000-2009 CollabNet.
      Subversion is open source software, see http://subversion.apache.org/
      This product includes software developed by CollabNet (http://www.Collab.Net/).
      
      The following repository back-end (FS) modules are available:
      
      * fs_base : Module for working with a Berkeley DB repository.
      * fs_fs : Module for working with a plain file (FSFS) repository.
      
      Cyrus SASL authentication is available.
      
      --- CLIENT ---
      svn, version 1.8.1 (r1503906)
         compiled Jul 22 2013, 19:58:17 on x86-microsoft-windows
      
      Copyright (C) 2013 The Apache Software Foundation.
      This software consists of contributions made by many people;
      see the NOTICE file for more information.
      Subversion is open source software, see http://subversion.apache.org/
      
      The following repository access (RA) modules are available:
      
      * ra_svn : Module for accessing a repository using the svn network protocol.
        - with Cyrus SASL authentication
        - handles 'svn' scheme
      * ra_local : Module for accessing a repository on local disk.
        - handles 'file' scheme
      * ra_serf : Module for accessing a repository via WebDAV protocol using serf.
        - handles 'http' scheme
        - handles 'https' scheme
      
      
      --- COMMAND & ERROR ---  
      >svn update
      Updating '.':
      svn: E120190: Unable to connect to a repository at URL
      'http://svn.myCompany.de/MyProject/trunk'
      svn: E120190: Error running context: An error occurred during authentication
      
      
      --- APACHE ACCESS LOG (NO ERRORS LOGGED, DEBUG MODE) ---
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
      192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
      Zlib: Compressed 496 to 333 : URL /MyProject/trunk
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1628): [client
      192.168.0.39] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1240): [client
      192.168.0.39] Acquiring creds for HTTP/stromboli12
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1385): [client
      192.168.0.39] Verifying client data using KRB5 GSS-API
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1401): [client
      192.168.0.39] Client didn't delegate us their credential
      [Tue Aug 06 15:11:39 2013] [debug] src/mod_auth_kerb.c(1420): [client
      192.168.0.39] GSS-API token of length 181 bytes will be sent back
      [Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(643): [client 192.168.0.39]
      ldap authorize: Creating LDAP req structure
      [Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(773): [client 192.168.0.39]
      [10394] auth_ldap authorise: require group: testing for group membership in
      "CN=Alle,OU=Security Groups,OU=MyBusiness,DC=myCompany,DC=de"
      [Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(779): [client 192.168.0.39]
      [10394] auth_ldap authorise: require group: testing for member:
      CN=MyName,OU=Users,OU=MyBusiness,DC=myCompany,DC=de (CN=Alle,OU=Security
      Groups,OU=MyBusiness,DC=myCompany,DC=de)
      [Tue Aug 06 15:11:39 2013] [debug] mod_authnz_ldap.c(788): [client 192.168.0.39]
      [10394] auth_ldap authorise: require group: authorisation successful (attribute
      member) [Comparison true (adding to cache)][Compare True]
      [Tue Aug 06 15:11:39 2013] [debug] mod_deflate.c(615): [client 192.168.0.39]
      Zlib: Compressed 200 to 137 : URL /MyProject/trunk
      
      ----------------------
      
      #
      # Subversion Apache vHost
      #
      <VirtualHost *:80>
      	ServerName svn.myCompany.de
      
      	<Location />
      		DAV svn
      		SVNParentPath /var/svn
      
      		AuthType Kerberos
      		AuthName "Subversion - Use your system login"
      		KrbAuthRealms MYCOMPANY.DE
      		Krb5KeyTab /etc/krb5.keytab
      
      		##
      		# to check ldap-groups when using kerberos-auth
      		##
      		KrbServiceName HTTP/svn
      
      		# If set to Off, this directive allows authentication control to be passed on to other modules
      		KrbAuthoritative Off
      
      		AuthBasicProvider ldap
      
      		AuthLDAPURL "ldap://ldap.myCompany.de/OU=Users,OU=MyBusiness,DC=myCompany,DC=de?userPrincipalName"
      		AuthLDAPBindDN "cn=LDAP,ou=SBSUsers,ou=Users,OU=MyBusiness,dc=myCompany,dc=de"
      		AuthLDAPBindPassword LdapPassWord
      
      		Satisfy All
      			
      	</Location>
      	
      	
      </VirtualHost>
      

      Original issue reported by ludwigc

            People

            • Assignee:
              Unassigned
              Reporter:
              subversion-importer Subversion Importer
