Solution to possible SmartSVN's SASL authentication problems

SmartSVN may fail to authenticate if SASL high encryption has been configured

For svnserve, SASL is configured in the sasl section of conf/svnserve.conf, see below.

Depending on the Java Virtual Machine settings, high values for min-encryption may cause the authentication to fail. A solution is either to decrease this value or to upgrade the JVM to support the requested cipher strength.

Another cause for failures may be usage of too old JVMs. SASL authentication requires Java 1.5 or higher.

A working example

The conf/svnserve.conf file. For details refer to here.

In /etc/sasl2 there are following files:

-rw-r--r-- 1 root root 49152 Apr 01 2009 sasldb_svn
-rw-rw-rw- 1 root root 135 Apr 01 2009 svn.conf

The /etc/sasl2/svn.conf is automatically read by svnserve (because it advertises itself as "svn"). Its list contains all possible mechanisms to use. When it comes to a handshake only those are used that satisfy svnserve.conf conditions (anonymous access support, encryption support, etc). Users and their passwords are validated against sasldb_svn database. A possible output of

# sasldblistusers2 /etc/sasl2/sasldb_svn

might look like:

alex@svnkit.com: password
ivan@somewhereelse: password

Only alex has access to the repository with "svnkit.com" realm.

Tags :
Social Bookmarks :  Add this post to Slashdot    Add this post to Digg    Add this post to Reddit    Add this post to Delicious    Add this post to Stumble it    Add this post to Google    Add this post to Technorati    Add this post to Bloglines    Add this post to Facebook    Add this post to Furl    Add this post to Windows Live    Add this post to Yahoo!
Add a comment RSS feed for responses to this blog entry
Posted by Marc Strapetz on March 17, 2010 8:03:00 PM CET #



Add a comment Send a TrackBack