[neon] Win32 SSPI Negotiate authentication with virtual host /multi-homed

Kaltenberger, Stefan Stefan.Kaltenberger at fabasoft.com
Mon Sep 1 17:56:25 EDT 2008


Hi,

I'm trying to upgrade my Subversion client from 1.4 to 1.5 and therefore I'm
struggling with authentication issues again :). I finally tracked down my
problem to this fix:

------------------------------------------------------------------------
r1222 | joe | 2007-08-10 16:26:08 +0100 (Fri, 10 Aug 2007) | 5 lines

Perform hostname canonicalization for SSPI, patch by Yves Martin:

* src/ne_sspi.c (canonical_hostname): New function.
(ne_sspi_create_context): Use the canonical hostname in the SPN.

On Tue, Jul 03, 2007 at 13:32:55 +0200, Yves Martin wrote:
> My proposal:
> 1. DNS lookup of original serverName ("vhost.domain.com")
> 2. Reverse DNS each IP address returned by "ne_addr_resolve"
> 3. First result is used as SPN in "HTTP/main.domain.com"

The use of neon-debug-mask = 24 reveals the cause: The reverse lookup done
by ne_iaddr_reverse() through gethostbyaddr() translates the FQDN entered by
the user into an unqualified domain name. Therefore the SPN changes from
'HTTP/host.example.com' to 'HTTP/HOST' resulting in code 500 'Internal
Server Error' (/var/log/httpd/error: 'mod_spnego: gss_accept_sec_context
failed; GSS-API: A token was invalid').

I'm wondering if this is a configuration issue regarding my environment
(i.e. my DNS server)? Any ideas?

BTW, I'm using...
Repository: Fedora Core 5, Apache 2.2.0, Subversion 1.3.1
Client: Windows Server 2003, Subversion 1.5.1, Neon 0.28.2

Regards, Stefan
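
The SPN selection described in the message above, as an added example that is not part of the original post and not code from neon's ne_sspi.c. The names is_fqdn and build_spn, the fully-qualified test and the fallback to the user-entered name are assumptions made for illustration; the reverse-lookup results are constructed and passed in, so no DNS query is made.

```c
/* Added illustration, not code from neon's ne_sspi.c; names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Assumption for this example: a name is fully qualified when it contains a
 * dot that is neither its first nor its last character. */
static int is_fqdn(const char *name)
{
    const char *dot = name ? strchr(name, '.') : NULL;
    return dot != NULL && dot != name && dot[1] != '\0';
}

/* Build "HTTP/<host>" into out following the quoted proposal: take the first
 * reverse-lookup result, one per resolved address (NULL = no PTR record).
 * Variation shown here: unqualified results such as "HOST" are skipped, and
 * the name the user entered is kept when no result is fully qualified.
 * Returns the index of the result used, -1 on fallback, -2 if out is too small. */
int build_spn(const char *requested, const char *const *reverse, size_t count,
              char *out, size_t outlen)
{
    const char *host = requested;
    int used = -1;
    for (size_t i = 0; i < count; i++) {
        if (is_fqdn(reverse[i])) {
            host = reverse[i];
            used = (int)i;
            break;
        }
    }
    int n = snprintf(out, outlen, "HTTP/%s", host);
    return (n < 0 || (size_t)n >= outlen) ? -2 : used;
}

int main(void)
{
    /* Constructed reverse-lookup results for a multi-homed virtual host. */
    const char *const vhost[] = { NULL, "main.domain.com" };
    /* Constructed result matching the report: reverse lookup yields "HOST". */
    const char *const bare[] = { "HOST" };
    char spn[256];

    build_spn("vhost.domain.com", vhost, 2, spn, sizeof spn);
    printf("%s\n", spn);   /* HTTP/main.domain.com */
    build_spn("host.example.com", bare, 1, spn, sizeof spn);
    printf("%s\n", spn);   /* HTTP/host.example.com */
    return 0;
}
```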



