SVN 1.8 Kerberos Client problems

Tue, 08 Jul 2014 06:58:32 -0700 

Hi,

I did an update to svn 1.8.9 on our server yesterday and am now
running into problems whilst updating the corresponding windows
client.

Server details:

CentOS 6.5 x64
SVN 1.8.9, compiled on my own
Apache 2.2.15
Authentication using mod_auth_kerb to windows domain

Client:
Windows Server 2008
TSVN 1.7.13

Everything ran fine so far. I then upgraded to TSVN 1.8.7 which ships
with svn 1.8.9 binaries.
Now, on every repository involving action I get kerberos errors in my
apache log:

[Tue Jul 08 15:08:10 2014] [error] [client 192.168.1.152]
gss_accept_sec_context() failed: No credentials were supplied, or the
credentials were unavailable or inaccessible (, Unknown error)

Strange thing is, TSVN works fine from a user perspective (no error
displayed whatsoever...). I then tried to use the svn command line
binaries, same result, evrythings works, but apache error log is DOSed
with these error entries.

I tried to either "prefer" or deny BulkUpdates on the server, nothing changes.

Since subversion 1.8 comes with serf, it might have do to with the way
serf handles kerberos.
>From the linux cmd (on the svn server itself), I can use kerberos
(kinit + svn command afterwards) just fine, without any errors popping
up in the apache log.

Our browsers (IE, Chrome, FF) worked fine all the time using kerberos,
before and after upgrading svn on the server.

TSVN 1.7.13 works as well, so do the svn binaries shipped this version.

I'm quite stuck, because I do not know where to start. To my mind
kerberos is set up correctly because all clients work, except svn 1.8

I thought I could solve the problem by falling back to BulkUpdate, but
it does not seem to help.

Any suggestions are appreciated!

Greetings

Nico

PS:

svn apache config :

SVNInMemoryCacheSize 131072
SVNCacheTextDeltas On
SVNCacheFullTexts On
SVNCompressionLevel 6
SVNCacheRevProps On
<Location /repos>
    SSLRequireSSL
    DAV svn

    SVNListParentPath On
    SVNParentPath /var/local/svn/repos

    # Kerberos authentification
    AuthType Kerberos
    AuthName "Realm"
    KrbServiceName HTTP
    KrbLocalUserMapping on
    KrbAuthRealms REALM.INTERN
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    Krb5KeyTab /etc/httpd/kerberos/keytab
    KrbVerifyKDC on

    require valid-user

    AuthzSVNAccessFile /var/local/svn/auth/svn_authz
    SVNPathAuthz short_circuit
</Location>

Reply via email to