subversion + neon + windows + mod_kerb = InitializeSecurityContext SEC_E_INTERNAL_ERROR

Alon Bar-Lev alon.barlev at gmail.com
Sun Oct 2 10:48:03 EDT 2011


Forgot to mention that when running on the same windows workstation
Internet Explorer and Firefox do succeed in authenticating without any
problem to the same location.

XP and Windows 7 - same behavior.

Thanks!

On Sun, Oct 2, 2011 at 4:45 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> Hello,
>
> On Linux works perfectly!
>
> Configuration is Windows 2003 AD, apache2+mod_auth_kerb-5.4
>
> At server side I don't see any error, but on client side I see
> InitializeSecurityContext returning an error.
>
> I see in kerbtray that a valid ticket was acquired at windows side.
>
> Running both as:
> ---
> TortoiseSVN 1.6.16, Build 21511 - 32 Bit , 2011/06/01 19:00:35
> Subversion 1.6.17,
> apr 1.3.12
> apr-utils 1.3.12
> neon 0.29.6
> OpenSSL 1.0.0d 8 Feb 2011
> zlib 1.2.5
> ---
> And:
> ---
> svn, version 1.6.17-SlikSvn-tag-1.6.17 at 1130896-WIN32 (SlikSvn/1.6.17) WIN32
>   compiled Jun  3 2011, 07:33:44
> ---
>
> Neon Log
> ---
> Running post_send hooks
> ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is
> Negotiate oYGfMIGcoAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqADAgEXolsEWeZpnkhcM6L/46+tUax3WtI15nBHJ63lGFL3ohcnJUb5qddhrMDQssCL6fYbOtjrUxpGPMplfIlXDxl089lYbUyqcE++7eBFwDDY9l5dT6FJeAvQfKZ8pUfB
> auth: SSPI challenge.
> InitializeSecurityContext [fail] [80090304].
> sspi: initializeSecurityContext [failed] [80090304].
> Request ends, status 201 class 2xx, error line:
> 201 Created
> Running destroy hooks.
> Request ends.
> svn: Commit failed (details follow):
> svn: MKACTIVITY of '/svn/Test/!svn/act/6694f132-323c-334e-a863-5f6b6ca1d8d9': 20
> 1 Created (https://correlux-gentoo.correlsense.com)
> ---
>
> httpd Log
> ---
> Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1628): [client
> 10.10.49.56] kerb_authenticate_user entered with user (NULL) and
> auth_type Kerberos
> [Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1240): [client
> 10.10.49.56] Acquiring creds for HTTP at correlux-gentoo.correlsense.com
> [Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1385): [client
> 10.10.49.56] Verifying client data using KRB5 GSS-API with our SPNEGO
> lib
> [Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1401): [client
> 10.10.49.56] Client didn't delegate us their credential
> [Sun Oct 02 16:32:31 2011] [debug] src/mod_auth_kerb.c(1420): [client
> 10.10.49.56] GSS-API token of length 162 bytes will be sent back
> ---
>
> I see same httpd messages in working linux client setup.
>
> Has anyone had this? Any clue how to debug this farther?
> Thanks!
> Alon.
>



More information about the neon mailing list