Subversion and mod_auth_kerb issues

4/11/2007

Been trying to track down some issues with the new Subversion servers at work. They are setup to be accessed via https only, authentication provided by mod_auth_kerb. This works beautifully for doing Negotiate auth, however I’d been seeing some odd errors when it would fall back to Basic. I was seeing a bunch of replay errors logged:

krb5_verify_init_creds() failed: Request is a replay

Along with the more cryptic:

The locks could not be queried for verification against a possible "If:" header. [500, #0]

It was pretty obvious that the errors were related, however the replay message were spewing much more frequently. I enlisted the help of jorton (resident Apache guru) and we managed to fix a few other small annoyances, but got nowhere on the errors. Till yesterday. Joe forwarded me an email from the m_a_k mailing list that said to set kdc_timesync = 0. The thread has a good explanation of why this needs to be set, so go read it. :)

By Matthew Schick | Posted in Work | Tagged , , , | Comments (0)

Subversion hooks

10/13/2006

Spent some time working with Subversion hooks last night to test svnsync and discovered something. If you wanna run sudo in a hook (don’t ask), make sure you call bash with the login param or it will be unable to decide what your uid is.

By Matthew Schick | Posted in Projects | Tagged | Comments (0)

SVK

6/25/2006

Came across SVK while looking for a way to mirror my subversion repos between this new server and my home network. According to their site, SVK “supports repository mirroring, disconnected operation, history-sensitive merging, and integrates with other version control systems, as well as popular visual merge tools”. It’s based on Subversion, has some damn promising features….

By Matthew Schick | Posted in Projects | Tagged , | Comments (0)