Dear Subversion experts, I am tto establish SVN server with Cyrus SASL authentification but failed to properly set this. When using SVN repository with config/passwd authentification then it works perfectlyworks. But I am to do more secure authentification. I am sending you all SASL+SVN related settings I was to find ouit in P.S. part of this e-mail.
I would like to ask you for any recomandation what I am doing wrong, please? Thank you for any answer I look forward hearing from you Yours faithfully Peter Fodrek P.S. /Users/mini1/my-bin/bin/svnserve --version svnserve, version 1.6.17 (r1128011) compiled Jun 6 2011, 14:53:15 Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http://subversion.apache.org/ This product includes software developed by CollabNet (http://www.Collab.Net/). The following repository back-end (FS) modules are available: * fs_fs : Module for working with a plain file (FSFS) repository. Cyrus SASL authentication is available. dhcp28-108:~ mini1$ more /Users/mini1/my-bin/lib/sasl2/subversion.conf pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: /Users/mini1/my-bin/druha saslauthd_path: /Users/mini1/my-bin/sbin mech_list: DIGEST-MD5 dhcp28-108:~ mini1$ ls -la /Users/mini1/my-bin/sbin/sasl* -rwxr-xr-x 1 mini1 staff 77176 Jun 6 14:40 /Users/mini1/my- bin/sbin/saslauthd -rwxr-xr-x 1 mini1 staff 251360 Jun 6 14:40 /Users/mini1/my- bin/sbin/sasldblistusers2 -rwxr-xr-x 1 mini1 staff 256120 Jun 6 14:40 /Users/mini1/my- bin/sbin/saslpasswd2 dhcp28-108:~ mini1$ /Users/mini1/my-bin/sbin/sasldblistusers2 /Users/mini1/my-bin/druha agentura@APVV: userPassword moj@Subversion: userPassword peter@APVV: cmusaslsecretOTP pokusny@APVV: userPassword test@APVV: cmusaslsecretOTP testovic@APVV: userPassword uni@Subversion: userPassword agentura@APVV: cmusaslsecretOTP moj@Subversion: cmusaslsecretOTP peter@APVV: userPassword pokusny@APVV: cmusaslsecretOTP test@APVV: userPassword testovic@APVV: cmusaslsecretOTP uni@Subversion: cmusaslsecretOTP dhcp28-108:~ mini1$ sudo killall -9 svnserve dhcp28-108:~ mini1$ sudo /Users/mini1/my-bin/bin/svnserve -d -r /opt/repos/ dhcp28-108:~ mini1$ cat /opt/repos/Plazma/conf/svnserve.conf ### This file controls the configuration of the svnserve daemon, if you ### use it to allow access to this repository. (If you only allow ### access through http: and/or file: URLs, then this file is ### irrelevant.) ### Visit http://subversion.tigris.org/ for more information. [general] ### These options control access to the repository for unauthenticated ### and authenticated users. Valid values are "write", "read", ### and "none". The sample settings below are the defaults. anon-access = none auth-access = write ### The password-db option controls the location of the password ### database file. Unless you specify a path starting with a /, ### the file's location is relative to the directory containing ### this configuration file. ### If SASL is enabled (see below), this file will NOT be used. ### Uncomment the line below to use the default password file. password-db = passwd ### The authz-db option controls the location of the authorization ### rules for path-based access control. Unless you specify a path ### starting with a /, the file's location is relative to the the ### directory containing this file. If you don't specify an ### authz-db, no path-based access control is done. ### Uncomment the line below to use the default authorization file. #authz-db = authz ### This option specifies the authentication realm of the repository. ### If two repositories have the same authentication realm, they should ### have the same password database, and vice versa. The default realm ### is repository's uuid. realm = APVV [sasl] ### This option specifies whether you want to use the Cyrus SASL ### library for authentication. Default is false. ### This section will be ignored if svnserve is not built with Cyrus ### SASL support; to check, run 'svnserve --version' and look for a line ### reading 'Cyrus SASL authentication is available.' use-sasl = true ### These options specify the desired strength of the security layer ### that you want SASL to provide. 0 means no encryption, 1 means ### integrity-checking only, values larger than 1 are correlated ### to the effective key length for encryption (e.g. 128 means 128-bit ### encryption). The values below are the defaults. #min-encryption = 0 #max-encryption = 256 pwcheck_method: auxprop auxprop_plugin: sasldb sasldb_path: /Users/mini1/my-bin/druha mech_list: DIGEST-MD5 dhcp28-108:~ mini1$ls -la /Users/mini1/my-bin/lib/sasl2/ total 1952 drwxr-xr-x 22 mini1 staff 748 Jun 6 15:52 . drwxr-xr-x 78 mini1 staff 2652 Jun 6 14:59 .. -rw-r--r-- 1 mini1 staff 73640 Jun 6 14:39 libanonymous.a -rwxr-xr-x 1 mini1 staff 645 Jun 6 14:39 libanonymous.la -rw-r--r-- 1 mini1 staff 81880 Jun 6 14:39 libcrammd5.a -rwxr-xr-x 1 mini1 staff 639 Jun 6 14:39 libcrammd5.la -rw-r--r-- 1 mini1 staff 176560 Jun 6 14:39 libdigestmd5.a -rwxr-xr-x 1 mini1 staff 654 Jun 6 14:39 libdigestmd5.la -rw-r--r-- 1 mini1 staff 104704 Jun 6 14:39 libgssapiv2.a -rwxr-xr-x 1 mini1 staff 693 Jun 6 14:39 libgssapiv2.la -rw-r--r-- 1 mini1 staff 76952 Jun 6 13:27 liblogin.a -rwxr-xr-x 1 mini1 staff 633 Jun 6 13:27 liblogin.la -rw-r--r-- 1 mini1 staff 209768 Jun 6 14:39 libotp.a -rwxr-xr-x 1 mini1 staff 636 Jun 6 14:39 libotp.la -rw-r--r-- 1 mini1 staff 75456 Jun 6 14:39 libplain.a -rwxr-xr-x 1 mini1 staff 633 Jun 6 14:39 libplain.la -rw-r--r-- 1 mini1 staff 135992 Jun 6 14:39 libsasldb.a -rwxr-xr-x 1 mini1 staff 697 Jun 6 14:39 libsasldb.la -rw-r--r-- 1 mini1 staff 150 Jun 6 16:18 subversion.conf lrwxr-xr-x 1 mini1 staff 15 Jun 6 15:52 svn.conf -> subversion.conf lrwxr-xr-x 1 mini1 staff 15 Jun 6 15:52 svnserve.conf -> subversion.conf
