Summary: SVN E170001: Authentication error with specific user/realm/pw
combinations while many other work!
Observations/Workarounds
While there is a work around, by simply changing the password, we have an
unusual reoccurring issue with some user/realm/password combinations. It's a
problem
setting the same password to many repos.
The issue shows up under both CRAM-MD5 and DIGEST-MD5, but not for the same
user/realm/password.
>From and SVN perspective:
How do I get svn/svnserve to log the hashed response so I can compare it
outside of SASL and MYSQL.
I suspect our method to generate the hashed CRAM-MD5 and DIGEST-MD5 that we
store in mysql has a bug, what is a good place to locate source for this
program.
Use Case is a simple svn task: $svn list svn://SVN.HOST.DOMAIN:12000
Server Config
svnserver configured via sasl mechanism CRAM-MD5 and/or
Digest-MD5 -
Hashed passwd stored in mysqlDB
separate realm for each repo
Assumptions:
Since it works most of the time, configurations are correct.
Issue: Some password combinations return svn: E170001: Authentication error
from server: SASL(-13): authentication failure: incorrect digest response
User/process quick check: when we suspect an issue we compare the generated
hash with DB stored hash to rule out, process, user and DB issue.
gen_hash - user realm passwd using sasl_passwd binary
query_hash - query user realm from MYSQL DB
inspect HEX gen_hash ~ HEX query_hash
if hash matches, we expect $svn list user passwd svn://SVN.HOST.DOMAIN:12000 to
be successful.
Summary Sample tests updating mysqlDB and running svn list using a different
password
Works- Capmpwds2018
Works- apmpwds2018
Fails- capmpwds2018
Works- cApmpwds2018
Test SCRIPT
ksh ./add_user.sh:prod m80154 Capmpwds2018 capmbat2 update
The DB agrees with user/pw/realm
DB cmusaslsecretCRAM-MD5
6FE5A5552D2F13F7BDBF6FB2AE9B1A125313C2BA79479D153877B95CFA9DFC29
Commandline CRAM USER:HEX/UN
6FE5A5552D2F13F7BDBF6FB2AE9B1A125313C2BA79479D153877B95CFA9DFC29
Success m80154 -
/opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache --username m80154
--password Capmpwds2018 list svn://SVN.HOST.DOMAIN:12000
$ksh ./add_user.sh:prod m80154 apmpwds2018 capmbat2 update
The DB agrees with user/pw/realm
DB cmusaslsecretCRAM-MD5
6A2912411C7616DECF97A2B7582ADEF4855C3B4E4373046832D242AEC4AC08E2
Commandline CRAM USER:HEX/UN
6A2912411C7616DECF97A2B7582ADEF4855C3B4E4373046832D242AEC4AC08E2
Success m80154 - /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn
--no-auth-cache --username m80154 --password apmpwds2018 list
svn://SVN.HOST.DOMAIN:12000
ksh ./add_user.sh:prod m80154 capmpwds2018 capmbat2 update
The DB agrees with user/pw/realm
DB cmusaslsecretCRAM-MD5
59B803D644BC84CF91230A8FFEA371A3421AE83003009232483A3FEF5B90BE6A
Commandline CRAM USER:HEX/UN
59B803D644BC84CF91230A8FFEA371A3421AE83003009232483A3FEF5B90BE6A
Failed m80154 /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn
--no-auth-cache --username m80154 --password capmpwds2018 list
svn://SVN.HOST.DOMAIN:12000
svn: E170013: Unable to connect to a repository
at URL 'svn://SVN.HOST.DOMAIN:12000'
svn: E170001: Authentication error from server:
SASL(-13): authentication failure: incorrect digest response
$ksh ./add_user.sh:prod m80154 cApmpwds2018 capmbat2 update
The DB agrees with user/pw/realm
DB cmusaslsecretCRAM-MD5
9328603F62A27B23C3A01149D8CA97BB5885F9163C9498918FDD2223439EED26
Commandline CRAM USER:HEX/UN
9328603F62A27B23C3A01149D8CA97BB5885F9163C9498918FDD2223439EED26
Success m80154 - /opt/app/scm/svn/binaries/svn_1.9.7/bin/svn --no-auth-cache
--username m80154 --password cApmpwds2018 list svn://SVN.HOST.DOMAIN:12000
-
