I'm using subversion against a repository with mod_auth_sspi (allowing only NTLM authentication). If during a session the connection is closed, then the next request in the session fails. So far I've seen this in 2 scenarios: - when the server set the keepalive to false (because the MaxKeepAlives is exceeded) - on non-idempotent messages (because neon closes the connection before doing such a request).
I tracked the problem down to this: 1. neon doesnot clear its sspi context / token if a connection is closed. Therefore the old token is used on the new connection, and the server does not accept that. 2. neon should not close the connection if it is in the sspi/auth negotiation for the non-idempotent messages (line 1216 in ne_request.c). The NTLM authentication is a multi-leg authentication, meaning we need at least 2 requests to do authentication. neon closes the connection after the first request, resulting in problem 1.. I can work around the first scenario by setting the MaxKeepAlives in apache to unlimited. I can not work around the second scenario because within a dav-session svn does a PROPFIND first, followed by a LOCK. Neon closes the connection before the LOCK. The lock subsequently fails with a 401, effectively preventing the lock from happening. I've got more information available on request (logs from svn.exe, and logs from apache). I also managed to hack around the issue in the neon code, but this hack is so ugly I dare not send a diff... regards, Robert van der Boon
_______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
