Victor Sudakov wrote on Wed, Dec 07, 2011 at 18:22:03 +0700:
> Philip Martin wrote:
> > >>> 
> > >>> Have you tried with "mech_list: gssapi" so that the client has no 
> > >>> choice?
> > >>
> > >> Yes, in fact I wrote about it in the original post. I repeat:
> > >>
> > >> If I disable the digest-md5 mech on the server, like
> > >> (mech_list: gssapi anonymous), I get:
> > >
> > > I'm not a SASL expert, what does anonymous do?  Does that give the
> > > client a choice?  Can you use "mech_list: gssapi"?
> > 
> > One other thing is there is a note in
> > http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt that
> > states that setting the client's max-encryption to more than 56 will
> > prevent GSSAPI working.  I don't know whether that is still true or
> > out-of-date, or why this should suddenly be an issue when going from 1.6
> > to 1.7.
> 
> min-encryption and max-encryption are server-side settings, and the
> issue is more probably in the client. 
> 

svn_ra_svn__default_secprops()

> Yes, I tried specifying min-encryption = 0; max-encryption = 56 on the
> server side (in conf/svnserve.conf) but it makes no difference. It's
> the client that does not even try to contact the KDC for a service
> ticket.
> 
> -- 
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> sip:suda...@sibptus.tomsk.ru
