neon and kerberos on linux
Pavel Volkovitskiy
olfway at symlink.ru
Tue Jul 29 14:21:07 EDT 2008
Hello!
i'm trying to configure password-less auth with kerberos on linux
i setup svn repo with apache + mod_dav_svn + mod_auth_kerb
with firefox i can open repo url without password (with active kerberos
ticket)
but then i'm trying to use "svn" client auth failed:
svn ls http://cvs.matrix/matrixOpen/svn/
ah_create, for
WWW-Authenticate
Running pre_send
hooks
compress:
Initialization.
Sending request
headers:
OPTIONS /matrixOpen/svn
HTTP/1.1
Host:
cvs.matrix
User-Agent: SVN/1.5.1 (r32289)
neon/0.28.2
Keep-Alive:
Connection: TE,
Keep-Alive
TE:
trailers
DAV:
http://subversion.tigris.org/xmlns/dav/svn/depth
DAV:
http://subversion.tigris.org/xmlns/dav/svn/mergeinfo
DAV:
http://subversion.tigris.org/xmlns/dav/svn/log-revprops
Accept-Encoding:
gzip
Sending request-line and headers:
Doing DNS lookup on cvs.matrix...
Connecting to 192.168.88.6
Request sent; retry is 0.
[status-line] < HTTP/1.1 401 Authorization Required
[hdr] Date: Tue, 29 Jul 2008 18:18:28 GMT
Header Name: [date], Value: [Tue, 29 Jul 2008 18:18:28 GMT]
[hdr] Server: Apache/2.2.8 (Ubuntu) mod_auth_kerb/5.3 DAV/2 SVN/1.5.0
Header Name: [server], Value: [Apache/2.2.8 (Ubuntu) mod_auth_kerb/5.3
DAV/2 SVN/1.5.0]
[hdr] WWW-Authenticate:
Negotiate
Header Name: [www-authenticate], Value:
[Negotiate]
[hdr] Content-Length: 510
Header Name: [content-length], Value: [510]
[hdr] Keep-Alive: timeout=15, max=100
Header Name: [keep-alive], Value: [timeout=15, max=100]
[hdr] Connection: Keep-Alive
Header Name: [connection], Value: [Keep-Alive]
[hdr] Content-Type: text/html; charset=iso-8859-1
Header Name: [content-type], Value: [text/html; charset=iso-8859-1]
[hdr]
End of headers.
Running post_headers hooks
Reading 510 bytes of response body.
Got 510 bytes.
Read block (510 bytes):
[<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.8 (Ubuntu) mod_auth_kerb/5.3 DAV/2 SVN/1.5.0 Server
at cvs.matrix Port 80</address>
</body></html>
]
Running post_send hooks
ah_post_send (#0), code is 401 (want 401), WWW-Authenticate is Negotiate
auth: Got challenge (code 401).
auth: No challenges accepted.
Request ends, status 401 class 4xx, error line:
Could not authenticate to server: ignored Negotiate challenge
Running destroy hooks.
Request ends.
svn: OPTIONS of 'http://cvs.matrix/matrixOpen/svn': authorization failed
(http://cvs.matrix)
sess: Destroying session.
sess: Destroying session.
sess: Closing connection.
sess: Connection closed.
it seems that neon didn't try to auth at all
neon linked with kerberos libs:
ldd /usr/lib64/libneon.so.27.1.2
linux-vdso.so.1 => (0x00007fff5c9fe000)
libssl.so.5 => /lib64/libssl.so.5 (0x00007fa0543f4000)
libcrypto.so.5 => /lib64/libcrypto.so.5 (0x00007fa05407d000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x00007fa053e52000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007fa053bbe000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00007fa053999000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa053796000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa053581000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa05337d000)
libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fa05303d000)
libz.so.1 => /usr/lib64/libz.so.1 (0x00007fa052e29000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa052ba6000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa052855000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x00007fa05264e000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa05488f000)
any ideas? what should i check?
--
Pavel
More information about the neon
mailing list