Tortoise authentications with HTTPS + Kerberos

244 views

Skip to first unread message

Keiran Sweet

unread,

Feb 24, 2012, 9:34:38 AM2/24/12

to us...@tortoisesvn.tigris.org

Hi There,
We have over the last few months encountered a quite major issue with tortoise SVN and Kerberos when accessing our subversion repositories via HTTPS.

The main problem we have is that for a period of time (months) all will be fine on the client side, then suddenly the tortoise client fails to authenticate via Krb5, and as such any subversion functionality fails. This happens sporadically across our clients, with some remaining fine, and others never to function again via HTTPS/KRB5.

On the client side, we get the following error messages:

Error: PROPFIND of '/svn/path/is/here/': authorization failed: Could
Error: not authenticate to server: could not parse challenge (https://bitbucket.domain.tld)

On the server side, we are running the following
* 64-Bit RHEL 5.7 + Apache/2.2.3 + Mod_ssl + Kerberos 5 + LDAP
* The KDC and LDAP servers in this case are Microsoft active directory and function fine for all other purposes (Linux auth, Apache access control, etc). No issues are expected here, and some clients continue to function fine.

An example configuration snippet is below from Apache for your reference:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn/infra>
DAV svn
SVNPath /opt/svn/infra

SSLRequireSSL

AuthType Kerberos
AuthName "Kerberos Login - Infrastructure"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbAuthRealms DOMAINNAME.TLD
Krb5KeyTab /etc/httpd/conf/keytab

AuthLDAPBindDN 'FULL DN FOR BINDING'
AuthLDAPBindPassword PASSWORD
AuthLDAPUrl "ldap://LDAP URI STRING" NONE

#### Permitted Users/Groups
require ldap-group CN=sec_lnx_admins

</Location>

In regards to further diagnosis, I have found the following:
* I've continued to use the standard svn linux client using HTTPS + Kerberos against the same repository and it hasnt missed a beat.
* I've asked the users to upgrade to the latest versions of Tortoise and can confirm that the below versions exhibit this issue:

TortoiseSVN 1.6.16, Build 21511 - 32 Bit , 2011/06/01 19:00:35
Subversion 1.6.17,
apr 1.3.12
apr-utils 1.3.12
neon 0.29.6
OpenSSL 1.0.0d 8 Feb 2011
zlib 1.2.5

TortoiseSVN 1.7.5, Build 22551 - 32 Bit , 2012/02/13 17:36:15
Subversion 1.7.3,
apr 1.4.5
apr-utils 1.3.12
neon 0.29.6
OpenSSL 1.0.0e 6 Sep 2011
zlib 1.2.5

The client OS is both Windows XP and Windows 7.

As a work around, I am able to move the clients to a SSH+SVN configuration, which although works isn't really how I want it to function.

I've had a look through the archived lists and forums and have found other users having the same issue, however root cause never seems to be found.

Example:
* http://groups.google.com/group/tortoisesvn/browse_thread/thread/6f5a9cb9c614969f

Has anyone else encountered this issue, or have any advice on how i can progress with diagnosing this issue ?

All the best,

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2926297

To unsubscribe from this discussion, e-mail: [users-un...@tortoisesvn.tigris.org].

Reply all

Reply to author

Forward

0 new messages