[Bug 1487398] Re: Kerberos authentication no longer works following upgrade 1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2

Bug Watch Updater 1487398 at bugs.launchpad.net
Tue Sep 8 09:27:22 UTC 2015 

** Changed in: subversion (Debian)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to subversion in Ubuntu.
https://bugs.launchpad.net/bugs/1487398

Title:
  Kerberos authentication no longer works following upgrade
  1.8.8-1ubuntu3.1 to 1.8.8-1ubuntu3.2

Status in subversion package in Ubuntu:
  Confirmed
Status in subversion package in Debian:
  Confirmed

Bug description:
  We have been using mod-dav-svn for sometime but since update it has
  failed to authenticate to kerberos.

  Rolling back the update has resolved the issue.

  Our configuration is as follows:-

  <Location /svn>

  	Options         FollowSymLinks
  	AuthType Kerberos
  	AuthName "CardBoardFish Subversion Repository"
  	Krb5Keytab /etc/apache2/apache.keytab
  	KrbMethodNegotiate on
  	Require valid-user

    # Uncomment this to enable the repository
    DAV svn

    # Set this to the path to your repository
    #SVNPath /var/lib/svn
    # Alternatively, use SVNParentPath if you have multiple repositories under
    # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
    # You need either SVNPath and SVNParentPath, but not both.
    SVNParentPath /var/lib/svn

    # Access control is done at 3 levels: (1) Apache authentication, via
    # any of several methods.  A "Basic Auth" section is commented out
    # below.  (2) Apache <Limit> and <LimitExcept>, also commented out
    # below.  (3) mod_authz_svn is a svn-specific authorization module
    # which offers fine-grained read/write access control for paths
    # within a repository.  (The first two layers are coarse-grained; you
    # can only enable/disable access to an entire repository.)  Note that
    # mod_authz_svn is noticeably slower than the other two layers, so if
    # you don't need the fine-grained control, don't configure it.

    # Basic Authentication is repository-wide.  It is not secure unless
    # you are using https.  See the 'htpasswd' command to create and
    # manage the password file - and the documentation for the
    # 'auth_basic' and 'authn_file' modules, which you will need for this
    # (enable them with 'a2enmod').
    #AuthType Basic
    #AuthName "Subversion Repository"
    #AuthUserFile /etc/apache2/dav_svn.passwd

    # To enable authorization via mod_authz_svn (enable that module separately):
    #<IfModule mod_authz_svn.c>
    #AuthzSVNAccessFile /etc/apache2/dav_svn.authz
    #</IfModule>

    # The following three lines allow anonymous read, but make
    # committers authenticate themselves.  It requires the 'authz_user'
    # module (enable it with 'a2enmod').
    #<LimitExcept GET PROPFIND OPTIONS REPORT>
      #Require valid-user
    #</LimitExcept> 
  	AuthzSVNAccessFile /var/lib/svn/.svnauthz_kerb
  </Location>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1487398/+subscriptions

More information about the foundations-bugs mailing list