subversion + neon + windows + mod_kerb = InitializeSecurityContext SEC_E_INTERNAL_ERROR

Alon Bar-Lev alon.barlev at gmail.com
Sun Oct 2 10:45:52 EDT 2011


Hello,

On Linux works perfectly!

Configuration is Windows 2003 AD, apache2+mod_auth_kerb-5.4

At server side I don't see any error, but on client side I see
InitializeSecurityContext returning an error.

I see in kerbtray that a valid ticket was acquired at windows side.

Running both as:
---
TortoiseSVN 1.6.16, Build 21511 - 32 Bit , 2011/06/01 19:00:35
Subversion 1.6.17,
apr 1.3.12
apr-utils 1.3.12
neon 0.29.6
OpenSSL 1.0.0d 8 Feb 2011
zlib 1.2.5
---
And:
---
svn, version 1.6.17-SlikSvn-tag-1.6.17 at 1130896-WIN32 (SlikSvn/1.6.17) WIN32
   compiled Jun  3 2011, 07:33:44
---

Neon Log
---
Running post_send hooks
ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is
Negotiate oYGfMIGcoAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqADAgEXolsEWeZpnkhcM6L/46+tUax3WtI15nBHJ63lGFL3ohcnJUb5qddhrMDQssCL6fYbOtjrUxpGPMplfIlXDxl089lYbUyqcE++7eBFwDDY9l5dT6FJeAvQfKZ8pUfB
auth: SSPI challenge.
InitializeSecurityContext [fail] [80090304].
sspi: initializeSecurityContext [failed] [80090304].
Request ends, status 201 class 2xx, error line:
201 Created
Running destroy hooks.
Request ends.
svn: Commit failed (details follow):
svn: MKACTIVITY of '/svn/Test/!svn/act/6694f132-323c-334e-a863-5f6b6ca1d8d9': 20
1 Created (https://correlux-gentoo.correlsense.com)
---

httpd Log
---
Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1628): [client
10.10.49.56] kerb_authenticate_user entered with user (NULL) and
auth_type Kerberos
[Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1240): [client
10.10.49.56] Acquiring creds for HTTP at correlux-gentoo.correlsense.com
[Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1385): [client
10.10.49.56] Verifying client data using KRB5 GSS-API with our SPNEGO
lib
[Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1401): [client
10.10.49.56] Client didn't delegate us their credential
[Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1420): [client
10.10.49.56] GSS-API token of length 162 bytes will be sent back
---

I see same httpd messages in working linux client setup.

Has anyone had this? Any clue how to debug this farther?
Thanks!
Alon.



More information about the neon mailing list