Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread 1983-01-06
Hi folks, I am trying to make Subversion run with our ISA proxy which advertises Proxy-Authenticate: Negotiate, NTLM, Basic. My Subversion version is: 1.6.7 on Windows XP, tried with 1.7-beta3 which even did not want to accept the URL. The HTTP lib is neon because serf quit working with "svn:

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread Stefan Sperling
On Mon, Aug 22, 2011 at 12:55:58PM +0200, 1983-01...@gmx.net wrote: > Hi folks, > > I am trying to make Subversion run with our ISA proxy which advertises > Proxy-Authenticate: Negotiate, NTLM, Basic. > > My Subversion version is: 1.6.7 on Windows XP, tried with 1.7-beta3 which > even did not w

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread Stefan Sperling
On Mon, Aug 22, 2011 at 01:02:26PM +0200, Stefan Sperling wrote: > I'm sorry but I'm afraid I'll have to redirect you again. > Client-side NTLM authentication is done by neon, not Subversion. > Website: http://webdav.org/neon/ To clarify, neon also performs Negotiate auth.

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread Stefan Sperling
On Mon, Aug 22, 2011 at 12:55:58PM +0200, 1983-01...@gmx.net wrote: > Now, when the proxy server challenges Subversion to authenticate, Subversion > tries to retrieve a service ticket for the target host /instead of/ for the > proxy host. I debugged that in a Wireshark session. > Should I file a

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread 1983-01-06
> Subject: Re: Proxy authentication with Negotiate uses wrong host > On Mon, Aug 22, 2011 at 12:55:58PM +0200, 1983-01...@gmx.net wrote: > > Now, when the proxy server challenges Subversion to authenticate, > Subversion tries to retrieve a service ticket for the target host /instea

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread Stefan Sperling
On Mon, Aug 22, 2011 at 01:41:59PM +0200, 1983-01...@gmx.net wrote: > no, I did not set that value neither on Windows nor on FreeBSD. Using > Negotiate does require setting a username. That's what the credentials cache > is for. You expect svn to get the proxy username from the ~/.subversion/aut

Re: Proxy authentication with Negotiate uses wrong host

2011-08-22 Thread 1983-01-06
> Subject: Re: Proxy authentication with Negotiate uses wrong host > On Mon, Aug 22, 2011 at 01:41:59PM +0200, 1983-01...@gmx.net wrote: > > no, I did not set that value neither on Windows nor on FreeBSD. Using > Negotiate does require setting a username. That's what the cr

Re: Proxy authentication with Negotiate uses wrong host

2011-08-23 Thread Michael-O
Stefan Sperling wrote: > On Mon, Aug 22, 2011 at 01:41:59PM +0200, 1983-01...@gmx.net wrote: >> no, I did not set that value neither on Windows nor on FreeBSD. Using Negotiate does require setting a username. That's what the credentials cache is for. > > You expect svn to get the proxy userna

Re: Proxy authentication with Negotiate uses wrong host

2011-08-23 Thread Stefan Sperling
On Tue, Aug 23, 2011 at 10:47:35PM +0200, Michael-O wrote: > I made some digging in the subversion and neon code and noticed some > interesting and odd stuff. > > If you take a look at the aforementioned session.c in line 865 [1] > you'll see that the code is correct, Negotiate auth is added if no

Re: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread 1983-01-06
> Subject: Re: Proxy authentication with Negotiate uses wrong host > > Digging deeper into that file shows that Negotiate auth for servers > > (not proxy servers) is done only when the server is served with > > HTTPS [2]. > > Having taken a brief glance it looks

Re: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread 1983-01-06
> On Tue, Aug 23, 2011 at 10:47:35PM +0200, Michael-O wrote: > > I made some digging in the subversion and neon code and noticed some > > interesting and odd stuff. > > > > If you take a look at the aforementioned session.c in line 865 [1] > > you'll see that the code is correct, Negotiate auth is

Re: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread 1983-01-06
> On Wed, Aug 24, 2011 at 09:25:49AM +0200, 1983-01...@gmx.net wrote: > > I'll do but why is Negotiate auth activated in session.c if the target > host is ssy only? This should be on the user to decide not subversion. > > I don't know who made this decision and why. > Maybe svn blame on that file

Re: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread Stefan Sperling
On Wed, Aug 24, 2011 at 09:44:17AM +0200, 1983-01...@gmx.net wrote: > > On Tue, Aug 23, 2011 at 10:47:35PM +0200, Michael-O wrote: > > > I made some digging in the subversion and neon code and noticed some > > > interesting and odd stuff. > > > > > > If you take a look at the aforementioned sessio

RE: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread Bert Huijben
> -Original Message- > From: 1983-01...@gmx.net [mailto:1983-01...@gmx.net] > Sent: Wednesday 24 August 2011 10:47 > To: users@subversion.apache.org > Subject: Re: Proxy authentication with Negotiate uses wrong host > > > On Wed, Aug 24, 2011 at 09:25:49AM +

RE: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread Greg Hudson
On Wed, 2011-08-24 at 05:52 -0400, Bert Huijben wrote: > Then somebody added Kerberos support to neon, but the api wasn't > updated to allow different behavior for the specific implementations. Kerberos via HTTP negotiate is also insecure when not used over HTTPS. In HTTP negotiate, the GSSAPI mec

Re: RE: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread 1983-01-06
Bert, > > -Original Message- > > From: 1983-01...@gmx.net [mailto:1983-01...@gmx.net] > > Sent: Wednesday 24 August 2011 10:47 > > To: users@subversion.apache.org > > Subject: Re: Proxy authentication with Negotiate uses wrong host > > > >

Re: RE: Proxy authentication with Negotiate uses wrong host

2011-08-24 Thread 1983-01-06
> Subject: RE: Proxy authentication with Negotiate uses wrong host > On Wed, 2011-08-24 at 05:52 -0400, Bert Huijben wrote: > > Then somebody added Kerberos support to neon, but the api wasn't > > updated to allow different behavior for the specific implementations.

Re: RE: Proxy authentication with Negotiate uses wrong host

2011-08-25 Thread Greg Hudson
On Wed, 2011-08-24 at 07:42 -0400, 1983-01...@gmx.net wrote: > Are you referring to sole Kerberos or are you just concerned about > transport encryption? Your statement somewhat irritates me. > Given that the HTTP traffic cannot be securely wrapped into the GSS > content and nor the SASL QOP can be

Re: RE: Proxy authentication with Negotiate uses wrong host

2011-08-25 Thread 1983-01-06
> On Wed, 2011-08-24 at 07:42 -0400, 1983-01...@gmx.net wrote: > > Are you referring to sole Kerberos or are you just concerned about > > transport encryption? Your statement somewhat irritates me. > > Given that the HTTP traffic cannot be securely wrapped into the GSS > > content and nor the SASL Q