On Thu, 2007-07-05 at 07:40 -0500, Alec Kloss wrote: > I of course 100% agree that DNS canonicalization is common in krb5 > implementations, but that doesn't make it right. I've been > resisting the urge to as the rhetorical question, "if MIT jumped > off a cliff, would neon too?"
svn/neon are supposed to be multi-platform. And "everybody" expects it behaves the same on Unix (GSSAPI) or on Win32 (SSPI). But that is wrong in case of a Apache2 server with virtual host - described in http://www.grolmsnet.de/kerbtut/ and working with other clients like IE and Firefox. For me, it is really a neon bug. Do you mind if I implement it the same way putty does ? I mean: . by default no canonicalization . if the configuration key "sspi-trust-dns" is true in the related group from .subversion/server, then we do DNS canonicalization I do not know yet how to pass parameters from subversion to neon for such a configuration entry. By the way, I'm no longer motivated by such a patch... it seems really easier to change my server configuration to work-around this platform-dependent client issue. Maybe I'm the only silly guy deploying a Apache2 server on Linux with mod_auth_kerb - instead of using an out-of-box SSPI configuration on IIS ?? Regards, -- Yves Martin _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
