On 2010-03-23 15:57, Alec Kloss wrote: > On 2010-03-23 11:16, Alec Kloss wrote: > > On 2010-03-23 17:11, Stefan Sperling wrote: > > > > > Hi Alec, > > > > > > I remember your patch. It looked pretty simple and OK to me, but > > > I didn't feel confident enough about my own understanding of what > > > the patch really does. > [chop] > > > > Sure thing. I'll try to write up a giant setup script for the whole > > deal. Note that my patch is mostly important in cross-realm cases which > [chop] > > Please see the attached testsvncrossrealm.sh and results.txt files. > There's a kinda unfun list of prerequisites for the script to work > right. There's a comment block at the top of the script describing > what needs to be changed including a patch to Cyrus SASL. > > You should be able to use this script to see what Cyrus SASL does > and how my changes to cyrus_auth.c deal with cross-realm. > > I'd be happy to discuss or help you configure a test environment > further. Kerberos+SASL+GSSAPI has a somewhat steep learning curve. > > -- > alec.kl...@oracle.com Oracle Middleware > PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEBD1FF14
Now please see attached. -- alec.kl...@oracle.com Oracle Middleware PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xEBD1FF14
testsvncrossrealm.sh
Description: Bourne shell script
added krbtgt/rea...@realm1 with password "0xmhLBdagx"
added krbtgt/rea...@realm2 with password "biwzgsuGB="
Path: localhost
URL: svn://localhost
Repository Root: svn://localhost
Repository UUID: 3236a131-a4db-4cd6-8264-4231ac44fef4
Revision: 0
Node Kind: directory
Last Changed Rev: 0
Last Changed Date: 2010-03-23 15:58:42 -0500 (Tue, 23 Mar 2010)
svn: Authentication error from server: SASL(-5): bad protocol / cancel:
svnserve: Network connection closed unexpectedly
Credentials cache:
FILE:/afs/research.stellent.com/user/ajk/work/xrealmsvn/realm2user.keytab
Principal: realm2u...@realm2
Cache version: 4
Server: krbtgt/rea...@realm2
Client: realm2u...@realm2
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 330
Auth time: Mar 23 15:58:42 2010
End time: Mar 24 01:58:42 2010
Renew till: Mar 30 15:58:42 2010
Ticket flags: forwardable, renewable, initial, pre-authenticated
Addresses: addressless
Server: krbtgt/rea...@realm2
Client: realm2u...@realm2
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 267
Auth time: Mar 23 15:58:42 2010
Start time: Mar 23 15:58:43 2010
End time: Mar 24 01:58:42 2010
Ticket flags: pre-authenticated, transited-policy-checked
Addresses: addressless
Server: svn/localh...@realm1
Client: realm2u...@realm2
Ticket etype: aes256-cts-hmac-sha1-96, kvno 1
Ticket length: 330
Auth time: Mar 23 15:58:42 2010
Start time: Mar 23 15:58:43 2010
End time: Mar 24 01:58:42 2010
Ticket flags: pre-authenticated, transited-policy-checked
Addresses: addressless
./testsvncrossrealm.sh: line 63: kill: (17308) - No such process
pgpPpGI1viI8n.pgp
Description: PGP signature
