Kerberos SVN authentication

[Simon Jackson]

I'm having some problems authenticating with our SVN server.  We use kerberos+Negotiate to do passwordless authentication.

By following the instructions at https://wiki.jenkins-ci.org/display/JENKINS/Subversion+Plugin+HTTPS+Kerberos+authentication I've been able to get jsvn to work.  The options I set are java.security.krb5.realm, java.security.krb5.kdc, java.security.auth.login.config.  This authentication succeeds after a kinit is done, without having to type a password.

Within jenkins, however, SVN authentication fails unless I provide a username and password.

For reference here is some of the output of a curl fetch of an svn page:

Authorization Required

< Date: Mon, 17 Sep 2012 10:14:43 GMT

< Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8k PHP/5.2.11 mod_auth_kerb/5.4 SVN/1.6.5

< WWW-Authenticate: Negotiate

< WWW-Authenticate: Basic realm="Kerberos Login"

< Content-Length: 401

< Content-Type: text/html; charset=iso-8859-1

<

* Re-using existing connection! (#0) with host svn.----------

* Connected to svn.---------- () port ---- (#0)

* Server auth using GSS-Negotiate with user ''

> GET /------------/trunk/ HTTP/1.1

> Authorization: Negotiate -------------------------------------------------------

> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2

> Host: ---------------:---------------------

> Accept: */*

>

< HTTP/1.1 200 OK

Can anyone suggest anything else to try?

Thanks

Simon

[Simon Jackson]

For anyone who encounters this problem, the magic trick is to set

-Dsvnkit.http.methods=Negotiate 

This seems to be necessary because of an interesting "fix" for HUDSON-8153 http://issues.hudson-ci.org/browse/HUDSON-8153

The fix demotes negotiate to the least favoured method, but then the SVN plugin rejects authentication before the end of the list is reached (I think)