* James McCoy wrote: > As shown in the working example, an initial 401 is expected. The client > should retry with the auth. The question is why that isn't happening. > > What does “svn --version” show?
All clients I tried showed the same behaviour. The first one was: |svn, version 1.7.19 (r1643991) | compiled Jun 17 2015, 13:48:11 | |Copyright (C) 2014 The Apache Software Foundation. |This software consists of contributions made by many people; see the NOTICE |file for more information. |Subversion is open source software, see http://subversion.apache.org/ | |The following repository access (RA) modules are available: | |* ra_neon : Module for accessing a repository via WebDAV protocol using Neon. | - handles 'http' scheme | - handles 'https' scheme |* ra_svn : Module for accessing a repository using the svn network protocol. | - handles 'svn' scheme |* ra_local : Module for accessing a repository on local disk. | - handles 'file' scheme |* ra_serf : Module for accessing a repository via WebDAV protocol using serf. | - handles 'http' scheme | - handles 'https' scheme Then the one that comes with jessie, but before the security upgrade: |svn, version 1.8.10 (r1615264) | compiled Apr 1 2015, 02:54:56 on x86_64-pc-linux-gnu | |Copyright (C) 2014 The Apache Software Foundation. |This software consists of contributions made by many people; |see the NOTICE file for more information. |Subversion is open source software, see http://subversion.apache.org/ | |The following repository access (RA) modules are available: | |* ra_svn : Module for accessing a repository using the svn network protocol. | - with Cyrus SASL authentication | - handles 'svn' scheme |* ra_local : Module for accessing a repository on local disk. | - handles 'file' scheme |* ra_serf : Module for accessing a repository via WebDAV protocol using serf. | - using serf 1.3.8 | - handles 'http' scheme | - handles 'https' scheme> And finally the one after the security upgrade: |svn, version 1.8.10 (r1615264) | compiled Aug 9 2015, 13:48:39 on x86_64-pc-linux-gnu | |Copyright (C) 2014 The Apache Software Foundation. |This software consists of contributions made by many people; |see the NOTICE file for more information. |Subversion is open source software, see http://subversion.apache.org/ | |The following repository access (RA) modules are available: | |* ra_svn : Module for accessing a repository using the svn network protocol. | - with Cyrus SASL authentication | - handles 'svn' scheme |* ra_local : Module for accessing a repository on local disk. | - handles 'file' scheme |* ra_serf : Module for accessing a repository via WebDAV protocol using serf. | - using serf 1.3.8 | - handles 'http' scheme | - handles 'https' scheme Apache access log: |${CLIENT_IP} - - [31/Aug/2015:15:37:41 +0200] "OPTIONS /svn-krb/${REPO} HTTP/1.1" 401 5444 "-" "SVN/1.8.10 (x86_64-pc-linux-gnu) serf/1.3.8" Client output: |svn: E120190: Unable to connect to a repository at URL 'https://${FQDN}/svn-krb/${REPO}' |svn: E120190: Error running context: An error occurred during authentication BTW: With libapache2-mod-auth-gssapi I get the same error message. However, with the older SVN packages, the apache access log looks good (after failed anonymous access it authenticates, successfully), but the clients just outputs nothing and exits zero. The apache error log says "Sessions not available, no cookies!". I have sessions enabled, but maybe I'm missing something. I'm just mentioning this because it might be related to the original problem. Best, Andreas
