Philip Martin wrote: > >>> > >>> Have you tried with "mech_list: gssapi" so that the client has no choice? > >> > >> Yes, in fact I wrote about it in the original post. I repeat: > >> > >> If I disable the digest-md5 mech on the server, like > >> (mech_list: gssapi anonymous), I get: > > > > I'm not a SASL expert, what does anonymous do? Does that give the > > client a choice? Can you use "mech_list: gssapi"? > > One other thing is there is a note in > http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt that > states that setting the client's max-encryption to more than 56 will > prevent GSSAPI working. I don't know whether that is still true or > out-of-date, or why this should suddenly be an issue when going from 1.6 > to 1.7.
min-encryption and max-encryption are server-side settings, and the issue is more probably in the client. Yes, I tried specifying min-encryption = 0; max-encryption = 56 on the server side (in conf/svnserve.conf) but it makes no difference. It's the client that does not even try to contact the KDC for a service ticket. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru