Problems with apache + kerberos +svn, getting 401 unauthorzied
762 views
Skip to first unread message
ken edward
Dec 16, 2015, 4:15:15 PM12/16/15
to us...@tortoisesvn.tigris.org
Hello,
I have configured apache with mod_auth_kerb and mod_dav_svn/mod_authz_svn.
Subversion 1.8.14
Apache 2.4.17
mod_auth_kerb-5.4
Kerberos+Apache+SVN works fine if I use browser, I can read the repo tree fully. I see my username authenticated.
HOWEVER, when I try to use the TSV repo browser, it will pull up the initial list of repository contents using kerberos authentication (http 200), but if try to descend into the repository, it says unauthorized 401. Any Ideas????
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 97
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1/!svn/rvr/2245 HTTP/1.1" 207 766
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1 HTTP/1.1" 207 261
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 97
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1/!svn/rvr/2245 HTTP/1.1" 207 766
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "REPORT /cm_repo1 HTTP/1.1" 200 112
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1/!svn/rvr/2245 HTTP/1.1" 207 20172
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 401 381
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 97
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1 HTTP/1.1" 200 188
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1/!svn/rvr/2245 HTTP/1.1" 207 326
133.6.84.222 - sandym [16/Dec/2015:15:13:21 -0500] "PROPFIND /cm_repo1/!svn/rvr/2245 HTTP/1.1" 207 1281
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/visitor_PRODUCTION HTTP/1.1" 401 381
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/cdb_PRODUCTION HTTP/1.1" 401 381
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/cdb HTTP/1.1" 401 381
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/shibsso HTTP/1.1" 401 381
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/cdb_TEST HTTP/1.1" 401 381
133.6.84.222 - - [16/Dec/2015:15:13:21 -0500] "OPTIONS /cm_repo1/testproj HTTP/1.1" 401 38
Sandy
Stefan Küng
Dec 24, 2015, 2:51:22 AM12/24/15
to us...@tortoisesvn.tigris.org
On 16.12.2015 21:18, ken edward wrote:
> Hello,
>
> I have configured apache with mod_auth_kerb and mod_dav_svn/mod_authz_svn.
>
> Subversion 1.8.14
> Apache 2.4.17
> mod_auth_kerb-5.4
>
> Kerberos+Apache+SVN works fine if I use browser, I can read the repo
> tree fully. I see my username authenticated.
>
> HOWEVER, when I try to use the TSV repo browser, it will pull up the
> initial list of repository contents using kerberos authentication (http
> 200), but if try to descend into the repository, it says unauthorized
> 401. Any Ideas????
there's a distinction between authorization and authentication.
> Hello,
>
> I have configured apache with mod_auth_kerb and mod_dav_svn/mod_authz_svn.
>
> Subversion 1.8.14
> Apache 2.4.17
> mod_auth_kerb-5.4
>
> Kerberos+Apache+SVN works fine if I use browser, I can read the repo
> tree fully. I see my username authenticated.
>
> HOWEVER, when I try to use the TSV repo browser, it will pull up the
> initial list of repository contents using kerberos authentication (http
> 200), but if try to descend into the repository, it says unauthorized
> 401. Any Ideas????
First comes the authentication: you have to prove who you are.
Then comes the authorization: you get granted access or not.
Since the error is about authorization, the authentication already
worked (the server knows who you are), but *you* don't have access to
that part of the repository or the repository itself.
You have to set up the <svn> section so that your user has access.
Stefan
--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest interface to (Sub)version control
/_/ \_\ http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3151884
To unsubscribe from this discussion, e-mail: [users-un...@tortoisesvn.tigris.org].
Reply all
Reply to author
Forward
0 new messages