Dear Colleagues: I have two Kerberos realms: SIBPTUS.RU and SIBPTUS.TOMSK.RU with mutual trust.
svnserve is configured to use Kerberos: [general] anon-access = none auth-access = write realm = SIBPTUS.RU #realm = SIBPTUS.TOMSK.RU #realm = GSS_C_NO_NAME #realm = GSS_C_NO_CREDENTIAL [sasl] use-sasl = true If I uncomment the 'realm = SIBPTUS.TOMSK.RU' line, svnserve does not authenticate users from the SIBPTUS.RU realm, and vice versa: svn: E170013: Unable to connect to a repository at URL 'XXXXXXXXXXXXXXXXXXXXXX svn: E170001: Authentication error from server: SASL(-5): bad protocol / cancel: security flags do not match required Can I configure svnserve/SASL to authenticate clients from both realms? It would be great if svnserve considers j...@sibptus.ru and j...@sibptus.tomsk.ru different users (from the point of view of logging etc). I have tried GSS_C_NO_NAME and GSS_C_NO_CREDENTIAL as realm names, without any success. I am using this setup (two realms) very successfully with sshd (via the ~/.k5login mechanism) and with the squid kerberos helper which does not care about the realm and just passes user@REALM to squid itself. Only svnserve seems to be a problem. Thanks in advance for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
