Daniel Shahaf wrote: > > > > > > > > I have the following line in /usr/local/lib/sasl2/svn.conf: > > > > mech_list: gssapi digest-md5 anonymous > > > > > > > > How can I guarantee that the subversion client/server will always use > > > > GSSAPI before DIGEST-MD5? Or a more generic question, how can I change > > > > the order of mechanisms if I have to? > > > > > > > > > > Looking at subversion/libsvn_ra_svn/{client.c,cyrus_auth.c}, it seems > > > that the > > > following order is used: > > > > > > * EXTERNAL (i.e., ssh tunnel) > > > * ANONYMOUS > > > * ${server-reported mechanisms, in the order suggested by the server} > > > * CRAM-MD5 (used via internal_auth.c even if SASL doesn't support it) > > > > > > I don't see a knob that lets you manipulate the order. > > > > Then how can I manipulate "the order suggested by the server"? The > > server is svnserve. > > > > Looking in subversion/svnserve/cyrus_auth.c, the list of mechansms is obtained > directly from SASL:
[dd] > > so you'd have to look up in the SASL docs how to configure the ordering of > mechanisms. (I don't know offhand how to configure that.) I was unable to find this in the SASL docs. It only says that mech_list is a "Whitespace separated list of mechanisms to allow (e.g. 'plain otp'). Used to restrict the mechanisms to a subset of the installed plugins." While googling I found even such statements as http://www.techienuggets.com/CommentDetail?tx=188636 -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru