On 06.10.2017 11:23, Jarno Elonen wrote:
> Hi,
>
> Is it possible to pass custom auth headers to Serf from server, and
> have it pass them on for subsequent requests?
> I.e. hand it a custom token / cookie after the initial authentication.

You have complete control over the request and response with Serf. But
you're talking about creating a custom _client_ for your custom server;
are you sure you want to go there?

> I'm building a Subversion HTTPS server with SSO over Kerberos (Samba4
> ADC), and our Windows client (SlikSVN) crashes mid-checkout on some
> repositories with mod_auth_kerb (auth_ntlm_winbind sort of works, but
> it's suboptimal for various reasons).
> I've written about the issue to SlikSVN developers, but since a fix
> might take a while, I'd like to set up a workaround.
>
> Since the first few Kerberos authenticated requests work, and the
> client crashes only later in the process, I was contemplating making
> the server pass a JWT token, a cookie or something like that, and
> having the client use that for authentication from there on.
>
> Is that sort of thing possible with Serf?
>
> As an alternative, I was thinking about creating a temporary
> repository URL with the credentials embedded in its URI, and
> redirecting the client there for the rest of the session. But I guess
> it's not possible to instruct SVN to use a different URL from the
> server.

Read the documentation for HTTP status code 302 or 307. Subversion
handles redirects.

Of course, embedding authn tokens in the URL, where they're exposed
before the SSL handshake (and will typically end up in server logs, too)
is hardly secure.

-- Brane
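
The point above about URL-embedded tokens ending up in server logs, as an added example that is not part of the original message: a Python sketch that finds and redacts JWT-shaped values in the request targets of access-log lines. It assumes Apache common log format and standard JWT encoding; the function names and the sample lines are constructed for illustration.

```python
import re

# JWT-shaped value: three base64url segments separated by dots. Header and
# payload are JSON objects, so both encode to a string starting with "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z-]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation address, dummy token).
DUMMY_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl"
SAMPLE_LOG = [
    '192.0.2.10 - alice [06/Oct/2017:11:30:01 +0300] '
    '"OPTIONS /svn/project HTTP/1.1" 200 190',
    '192.0.2.10 - - [06/Oct/2017:11:30:02 +0300] '
    '"PROPFIND /svn/t/' + DUMMY_JWT + '/project HTTP/1.1" 207 512',
    '192.0.2.10 - - [06/Oct/2017:11:30:03 +0300] '
    '"GET /svn/project/README?token=' + DUMMY_JWT + ' HTTP/1.1" 200 1024',
]

def scan_log(lines):
    """Return (line numbers with a token in the URL, redacted copy of lines)."""
    hits, redacted = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and JWT_RE.search(match.group("target")):
            hits.append(number)
            clean = JWT_RE.sub("[REDACTED-JWT]", match.group("target"))
            # Rewrite only the request target; leave the rest of the entry alone.
            line = line[:match.start("target")] + clean + line[match.end("target"):]
        redacted.append(line)
    return hits, redacted

if __name__ == "__main__":
    hits, redacted = scan_log(SAMPLE_LOG)
    print("lines carrying a token in the URL:", hits)
    for line in redacted:
        print(line)
```

Redacting after the fact does not make a logged token safe; any token found this way should be treated as disclosed and revoked.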
