Force windows client to use certain authentication
362 views
Skip to first unread message
Pauli Sundberg
Sep 26, 2014, 9:40:11 AM9/26/14
to d...@tortoisesvn.tigris.org
Hi all.
The background of the problem is that we have visual-svn server running (somewhere) and it is painfully slow to use with windows. With linux the server works fast. We are speaking 90sec vs 3sec in 'svn up'. I did some package capture with wireshark and i see that windows client is doing lots of LDAP queries and waiting for responses. The visual svn server also provides browser interface, and that also works fine (with windows). I know that the proper answer is that "fix your server/domain" but unfortunately its not my call.
So, i would like to make my life bearable by forcing my windows svn client to use http-basic authentication (to skip windows domain authentication that i think is causing slow performance). And based on manual i think would need to set "http-auth-types" = "basic".
I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers setting "http-auth-types" and i was able to get error by setting it to "FOO" (so its proper file and its red ok). Setting it to "basic" seems to have no effect; the same (slow) authentication cycle continues.
I tried also configuration line option --config-option=servers:global:http-auth-types=FOO - it gives error on linux but works fine on windows, without effect (dont know why!).
I am running "svn, version 1.8.8 (r1568071), compiled Feb 18 2014, 20:42:30 on x86-microsoft-windows" and the schema is HTTPS that is handled by "ra_serf".
Any suggestions what i am doing wrong?
Thanks!
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3089068
To unsubscribe from this discussion, e-mail: [dev-uns...@tortoisesvn.tigris.org].
The background of the problem is that we have visual-svn server running (somewhere) and it is painfully slow to use with windows. With linux the server works fast. We are speaking 90sec vs 3sec in 'svn up'. I did some package capture with wireshark and i see that windows client is doing lots of LDAP queries and waiting for responses. The visual svn server also provides browser interface, and that also works fine (with windows). I know that the proper answer is that "fix your server/domain" but unfortunately its not my call.
So, i would like to make my life bearable by forcing my windows svn client to use http-basic authentication (to skip windows domain authentication that i think is causing slow performance). And based on manual i think would need to set "http-auth-types" = "basic".
I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers setting "http-auth-types" and i was able to get error by setting it to "FOO" (so its proper file and its red ok). Setting it to "basic" seems to have no effect; the same (slow) authentication cycle continues.
I tried also configuration line option --config-option=servers:global:http-auth-types=FOO - it gives error on linux but works fine on windows, without effect (dont know why!).
I am running "svn, version 1.8.8 (r1568071), compiled Feb 18 2014, 20:42:30 on x86-microsoft-windows" and the schema is HTTPS that is handled by "ra_serf".
Any suggestions what i am doing wrong?
Thanks!
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3089068
To unsubscribe from this discussion, e-mail: [dev-uns...@tortoisesvn.tigris.org].
Simon Large
Sep 26, 2014, 9:55:50 AM9/26/14
to d...@tortoisesvn.tigris.org
On 26 September 2014 08:44, Pauli Sundberg <susun...@gmail.com> wrote:
Hi all.
The background of the problem is that we have visual-svn server running (somewhere) and it is painfully slow to use with windows. With linux the server works fast. We are speaking 90sec vs 3sec in 'svn up'. I did some package capture with wireshark and i see that windows client is doing lots of LDAP queries and waiting for responses. The visual svn server also provides browser interface, and that also works fine (with windows). I know that the proper answer is that "fix your server/domain" but unfortunately its not my call.
So, i would like to make my life bearable by forcing my windows svn client to use http-basic authentication (to skip windows domain authentication that i think is causing slow performance). And based on manual i think would need to set "http-auth-types" = "basic".
I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers setting "http-auth-types" and i was able to get error by setting it to "FOO" (so its proper file and its red ok). Setting it to "basic" seems to have no effect; the same (slow) authentication cycle continues.
I tried also configuration line option --config-option=servers:global:http-auth-types=FOO - it gives error on linux but works fine on windows, without effect (dont know why!).
I am running "svn, version 1.8.8 (r1568071), compiled Feb 18 2014, 20:42:30 on x86-microsoft-windows" and the schema is HTTPS that is handled by "ra_serf".
Any suggestions what i am doing wrong?
Hi Pauli,
I think you will get more responses if you ask this question on the subversion users mailing list as it is not specific to TortoiseSVN, more about the interaction of subversion client and server libraries.
Simon
Stefan Küng
Sep 26, 2014, 10:35:48 AM9/26/14
to d...@tortoisesvn.tigris.org
On 26.09.2014 09:44, Pauli Sundberg wrote:
> Hi all.
>
> The background of the problem is that we have visual-svn server
> running (somewhere) and it is painfully slow to use with windows.
> With linux the server works fast. We are speaking 90sec vs 3sec in
> 'svn up'. I did some package capture with wireshark and i see that
> windows client is doing lots of LDAP queries and waiting for
> responses. The visual svn server also provides browser interface, and
> that also works fine (with windows). I know that the proper answer is
> that "fix your server/domain" but unfortunately its not my call.
But you could ask others to fix the domain?
> Hi all.
>
> The background of the problem is that we have visual-svn server
> running (somewhere) and it is painfully slow to use with windows.
> With linux the server works fast. We are speaking 90sec vs 3sec in
> 'svn up'. I did some package capture with wireshark and i see that
> windows client is doing lots of LDAP queries and waiting for
> responses. The visual svn server also provides browser interface, and
> that also works fine (with windows). I know that the proper answer is
> that "fix your server/domain" but unfortunately its not my call.
> So, i would like to make my life bearable by forcing my windows svn
> client to use http-basic authentication (to skip windows domain
> authentication that i think is causing slow performance). And based
> on manual i think would need to set "http-auth-types" = "basic".
>
> I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers
> setting "http-auth-types" and i was able to get error by setting it
> to "FOO" (so its proper file and its red ok). Setting it to "basic"
> seems to have no effect; the same (slow) authentication cycle
> continues.
before svn even gets asked about authentication,
> I tried also configuration line option
> --config-option=servers:global:http-auth-types=FOO - it gives error
> on linux but works fine on windows, without effect (dont know why!).
>
> I am running "svn, version 1.8.8 (r1568071), compiled Feb 18 2014,
> 20:42:30 on x86-microsoft-windows" and the schema is HTTPS that is
> handled by "ra_serf".
>
> Any suggestions what i am doing wrong?
can't disable that.
Such a slowdown as you described usually only happens if the user GUEST
is active on your computer and/or the domain. If that user is active on
a domain, that's never a good idea and only causes security risks - in a
normal setup, that user is never used and therefore should be
disabled/removed.
The slowdown happens because domain authentication is per definition
always done using the credentials with the least privileges. So if the
user GUEST is active, every net request is first tried with that user.
Of course, that user does not have access to your repository so an error
is returned, which then causes the domain auth to try the next user (the
one you're logged in with).
Also, TortoiseSVN has the eCapi module enabled in OpenSSL. It shouldn't
cause such slowdowns but since I don't know your exact setup I can't be
sure. To disable that, create the DWORD registry value
HKCU\Software\TortoiseSVN\OpenSSLCapi and set it to zero.
Stefan
--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest interface to (Sub)version control
/_/ \_\ http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=3089083
Stefan Küng
Sep 26, 2014, 10:51:30 AM9/26/14
to d...@tortoisesvn.tigris.org
On Fri, Sep 26, 2014 at 4:35 PM, Stefan Kueng <torto...@gmail.com> wrote:
On 26.09.2014 09:44, Pauli Sundberg wrote:
I tried setting %USERPROFILE%\AppData\Roaming\Subversion\servers
setting "http-auth-types" and i was able to get error by setting it
to "FOO" (so its proper file and its red ok). Setting it to "basic"
seems to have no effect; the same (slow) authentication cycle
continues.
Also, in svn 1.8 the default for the http-auth-types is "
negotiate;ntlm;basic".
which means you should not set it to something illegal but to "basic"
Stefan
--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest Interface to (Sub)Version Control
/_/ \_\ http://tortoisesvn.net
/_/ \_\ http://tortoisesvn.net
Reply all
Reply to author
Forward
0 new messages