subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Cannot negotiate authentication mechanisim
Date Sat, 03 Apr 2010 17:24:34 GMT
Aaron Turner wrote on Sat, 3 Apr 2010 at 09:33 -0700:
> On Sat, Apr 3, 2010 at 9:16 AM, Aaron Turner <synfinatic@gmail.com> wrote:
> > On Sat, Apr 3, 2010 at 12:30 AM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> >> Aaron Turner wrote on Fri, 2 Apr 2010 at 18:48 -0700:
> >>> So this works fine for me from Linux and TortioseSVN, but from
> >>> Windows/Cygwin when I try to check out my repo
> >>> (svn://svn.synfin.net/tcpreplay) I get an error "svn: Cannot negotiate
> >>> authentication mechanisim".  I'm using SASL auth on the backend...
> >>>
> >>
> >> That server only offers DIGEST-MD5 authentication.  Natively, Subversion
> >> only knows CRAM-MD5 (if the comments in the source are still accurate;
> >> `grep MD5 subversion/{svnserve,libsvn_ra_svn}/*`).  So I guess you need an
> >> svn binary compiled/configured for SASL support, or to configure the
> >> server to allow CRAM-MD5.
> >
> > So: svn --version on the client says:
> >
> > * ra_svn : Module for accessing a repository using the svn network protocol.
> >  - with Cyrus SASL authentication
> >  - handles 'svn' scheme
> >
> > So I thought that meant it should support things like digest-md5.  Is
> > there a way to see what auth methods it does support?
> >
> > The reason I forced digest-md5 auth was since cram-md5 doesn't support
> > data encryption.  Probably not the end of the world though.
> >
> 
> FYI, after digging some more, I found the problem... it wasn't
> cram-md5 vs. digest-md5... client supports both.  The issue was the
> server requiring encryption (min-encryption=128) and the client didn't
> support it.  Probably would be nice if the error message was a little
> more specific to this problem.
> 

It seems that the non-specific error message is inherent to the way 
try_auth() (In libsvn_ra_svn/cyrus_auth.c) works: it discards the errors 
from failing mechanisms, so the error it raises is always SASL_NOMECH.

> 
Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message