Hello.
Sorry for the cross-post / reply to self, but I figured out how to get subversion to do single sign on / kerberos auth on windows against mod_auth_kerb on linux, and maybe this will prevent someone else from having to spend an entire day on it.
--On Thursday, July 14, 2005 7:56 PM -0500 Christopher Mason <[EMAIL PROTECTED]> wrote:
[Thu Jul 14 16:37:27 2005] [error] [client 172.23.155.51] gss_accept_sec_context() failed: Miscellaneous failure (Request is a replay)
It turns out this is a replay cache issue in mod_auth_kerb 5.0rc4 (the version that's in Fedora Core 3) that's fixed in rc6. I'm not sure what IE does differently from neon that doesn't tickle it, but anyway...
I'm now able to do SSPI/Kerberos/SPNEGO auth from subversion (trunk) on WinXP to apache / mod_auth_kerb 5.0rc6 on FC3, no password prompting. Yeah! Hopefully neon 0.25 will make it into a windows subversion release pretty soon, because, frankly, building subversion on windows is not for the faint of heart.
If anyone is interested, I can post details on my setup.
[Thu Jul 14 16:37:52 2005] [error] [client 172.23.155.51] gss_accept_sec_context() failed: Miscellaneous failure (Wrong principal in request)
This issue (neon SSPI doesn't expand host names in SPNs) still exists. The work around is to use the FQDN, but I think the fix is a pretty short patch. I'll see if I can code this up tomorrow.
-c -- [ Christopher Mason MPRC Bioinformatics http://proteomics ] _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
