Victor Sudakov wrote on Mon, Jul 26, 2010 at 09:30:19 +0700:
> Colleagues,
>
> I have the following line in /usr/local/lib/sasl2/svn.conf:
> mech_list: gssapi digest-md5 anonymous
>
> How can I guarantee that the subversion client/server will always use
> GSSAPI before DIGEST-MD5? Or a more generic question, how can I change
> the order of mechanisms if I have to?
>
Looking at subversion/libsvn_ra_svn/{client.c,cyrus_auth.c}, it seems that the
following order is used:
* EXTERNAL (i.e., ssh tunnel)
* ANONYMOUS
* ${server-reported mechanisms, in the order suggested by the server}
* CRAM-MD5 (used via internal_auth.c even if SASL doesn't support it)
I don't see a knob that lets you manipulate the order.
> I have experimented with the order of mechanisms in the mech_list
> definition, but the result is always the same ( ANONYMOUS GSSAPI
> DIGEST-MD5 ). It's fine so far, but how can I change the order if
> needed?
>
Is your problem that GSSAPI is before/after DIGEST-MD5, or that it is
before/after ANONYMOUS? These are quite different situations...
> FreeBSD 6.4, subversion-1.6.12 compiled with cyrus-sasl-2.1.23 from
> ports.
>
> Thank you in advance for any input.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:[email protected]
