Discussion:
svnserve : anonymous access not working
Gingko
2010-11-10 16:39:24 UTC
Permalink
Hello,

I have a problem with svnserve :

I want to configure it for allowing anonymous users to read it, but this
don't work :
if I checkout (using TortoiseSVN), I am always asked to supply my password.

If I do it, the checkout works fine.

Otherwise I cannot checkout.

And if I click "OK" (in the TortoiseSVN authentication dialog) without
giving any authentication (leaving all fields empty), I get the following
message :

SASL(-1): generic failure: Unable to find a callback: 2

svnserve (from Subversion 1.6.12) runs on a Linux server with Debian lenny
5.0 (64 bit edition).

The "svnserve.conf" file for that repository contains the following :
------------------------------------------------------------------------------------------------
[general]
anon-access = read
auth-access = write
realm = Référentiel Pouchin TV Mod

[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
------------------------------------------------------------------------------------------------

For SASL, I have also a "svn.conf" file in the "/etc/" directory, containing
the
following :
------------------------------------------------------------------------------------------------
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/svn/sasldb
mech_list: DIGEST-MD5
------------------------------------------------------------------------------------------------

Note that there is also an Apache access, running concurrently, which works
fine for anonymous reading. But I also want this anonymous access on
svnserve.

svnserve is configured for logging all accesses, but the log doesn't record
anything during theses failing anonymous accesses.

svnserve is launched through the "inetd.conf" file, and the corresponding
line is :

svn stream tcp nowait www-data
/usr/bin/svnserve svnserve -i --log-file /var/log/svnserve.log -r
/var/lib/svn

I don't understand why it doesn't work.

Isn't it enough to set "anon-access = read" for allowing anonymous reading
access ?
What am I doing wrong ?

Best regards,

Gingko
Gingko
2010-11-10 20:04:50 UTC
Permalink
----- Original Message -----
From: "Gingko" <***@nospam.homelinux.org>
To: "Subversion User List" <***@subversion.apache.org>
Sent: Wednesday, November 10, 2010 5:39 PM
Subject: svnserve : anonymous access not working
Post by Gingko
Hello,
I want to configure it for allowing anonymous users to read it, but this
if I checkout (using TortoiseSVN), I am always asked to supply my password.
If I do it, the checkout works fine.
Otherwise I cannot checkout.
And if I click "OK" (in the TortoiseSVN authentication dialog) without
giving any authentication (leaving all fields empty), I get the following
SASL(-1): generic failure: Unable to find a callback: 2
svnserve (from Subversion 1.6.12) runs on a Linux server with Debian lenny
5.0 (64 bit edition).
------------------------------------------------------------------------------------------------
[general]
anon-access = read
auth-access = write
realm = Référentiel Pouchin TV Mod
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
------------------------------------------------------------------------------------------------
For SASL, I have also a "svn.conf" file in the "/etc/" directory,
containing the
------------------------------------------------------------------------------------------------
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/svn/sasldb
mech_list: DIGEST-MD5
------------------------------------------------------------------------------------------------
Note that there is also an Apache access, running concurrently, which works
fine for anonymous reading. But I also want this anonymous access on
svnserve.
svnserve is configured for logging all accesses, but the log doesn't record
anything during theses failing anonymous accesses.
svnserve is launched through the "inetd.conf" file, and the corresponding
svn stream tcp nowait
www-data
/usr/bin/svnserve svnserve -i --log-file /var/log/svnserve.log -r
/var/lib/svn
I don't understand why it doesn't work.
Isn't it enough to set "anon-access = read" for allowing anonymous reading
access ?
What am I doing wrong ?
Best regards,
Gingko
Hello again,

While searching on the web, I found a one year old message thread from this
very same list describing, on its very last message, a case that looks like
my one.

Unfortunately, the question has never been answered (maybe because not
clearly asked, or maybe because the message was sent just before Subversion
moved from Tigris to Apache?).

http://svn.haxx.se/users/archive-2009-11/0313.shtml

Please, could you confirm that it is really possible to use svnserve with
SASL (for writing), AND allowing anonymous read access at once?

Gingko
Daniel Shahaf
2010-11-10 21:45:41 UTC
Permalink
I agree that anon-access=read should work. From looking at the code,
I'm not sure whether the SASL glue logic signals "I couldn't auth this
user", or just returns an error. In the meantime, as a workaround, does
adding ANONYMOUS to the mech_list achieve the desired behaviour?
----- Original Message ----- From: "Gingko"
Sent: Wednesday, November 10, 2010 5:39 PM
Subject: svnserve : anonymous access not working
Post by Gingko
Hello,
I want to configure it for allowing anonymous users to read it, but this
if I checkout (using TortoiseSVN), I am always asked to supply my password.
If I do it, the checkout works fine.
Otherwise I cannot checkout.
And if I click "OK" (in the TortoiseSVN authentication dialog) without
giving any authentication (leaving all fields empty), I get the following
SASL(-1): generic failure: Unable to find a callback: 2
svnserve (from Subversion 1.6.12) runs on a Linux server with Debian lenny
5.0 (64 bit edition).
------------------------------------------------------------------------------------------------
[general]
anon-access = read
auth-access = write
realm = Référentiel Pouchin TV Mod
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
------------------------------------------------------------------------------------------------
For SASL, I have also a "svn.conf" file in the "/etc/" directory,
containing the
------------------------------------------------------------------------------------------------
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/svn/sasldb
mech_list: DIGEST-MD5
------------------------------------------------------------------------------------------------
Note that there is also an Apache access, running concurrently, which works
fine for anonymous reading. But I also want this anonymous access on
svnserve.
svnserve is configured for logging all accesses, but the log doesn't record
anything during theses failing anonymous accesses.
svnserve is launched through the "inetd.conf" file, and the corresponding
svn stream tcp nowait www-data
/usr/bin/svnserve svnserve -i --log-file /var/log/svnserve.log -r
/var/lib/svn
I don't understand why it doesn't work.
Isn't it enough to set "anon-access = read" for allowing anonymous reading
access ?
What am I doing wrong ?
Best regards,
Gingko
Hello again,
While searching on the web, I found a one year old message thread from
this very same list describing, on its very last message, a case that
looks like my one.
Unfortunately, the question has never been answered (maybe because not
clearly asked, or maybe because the message was sent just before
Subversion moved from Tigris to Apache?).
http://svn.haxx.se/users/archive-2009-11/0313.shtml
Please, could you confirm that it is really possible to use svnserve with
SASL (for writing), AND allowing anonymous read access at once?
Gingko
Gingko
2010-11-10 22:25:20 UTC
Permalink
Post by Gingko
----- Original Message -----
Sent: Wednesday, November 10, 2010 10:45 PM
Subject: Re: svnserve : anonymous access not working
Post by Daniel Shahaf
I agree that anon-access=read should work. From looking at the code,
I'm not sure whether the SASL glue logic signals "I couldn't auth this
user", or just returns an error. In the meantime, as a workaround, does
adding ANONYMOUS to the mech_list achieve the desired behaviour?
Thank you very much for your answer.

But I'm sorry. adding ANONYMOUS to the mech_list (followed by a restart of
svnserve through openbsd-inetd) doesn't change anything.

Gingko

P.S. : In the meantime, I found another message again from this list
regarding the same problem :
http://svn.haxx.se/users/archive-2008-09/0416.shtml
Gingko
2010-11-13 20:18:14 UTC
Permalink
----- Original Message -----
From: "Daniel Shahaf" <***@daniel.shahaf.name>
To: "Gingko" <***@nospam.homelinux.org>
Cc: "Subversion User List" <***@subversion.apache.org>
Sent: Wednesday, November 10, 2010 10:45 PM
Subject: Re: svnserve : anonymous access not working
Post by Daniel Shahaf
I agree that anon-access=read should work. From looking at the code,
I'm not sure whether the SASL glue logic signals "I couldn't auth this
user", or just returns an error. In the meantime, as a workaround, does
adding ANONYMOUS to the mech_list achieve the desired behaviour?
Hello,

Anything new on this subject ?
Is there another workaround that you could suggest ?

Maybe I should file a bug report about it on your issue tracker
(http://subversion.apache.org/issue-tracker.html) ?

Gingko
Daniel Shahaf
2010-11-15 15:36:49 UTC
Permalink
----- Original Message ----- From: "Daniel Shahaf"
Sent: Wednesday, November 10, 2010 10:45 PM
Subject: Re: svnserve : anonymous access not working
Post by Daniel Shahaf
I agree that anon-access=read should work. From looking at the code,
I'm not sure whether the SASL glue logic signals "I couldn't auth this
user", or just returns an error. In the meantime, as a workaround, does
adding ANONYMOUS to the mech_list achieve the desired behaviour?
Hello,
Anything new on this subject ?
Is there another workaround that you could suggest ?
Unfortunately no. I don't have an SASL setup myself, my advise was
based mostly on reading the code.
Maybe I should file a bug report about it on your issue tracker
(http://subversion.apache.org/issue-tracker.html) ?
I hope someone more familiar with SASL could comment.

But if after scanning the usual places (book, archives, SASL docs) you
haven't managed to get SASL + anonymous access to interact properly, I'm
fine with recording an issue for this. (It might turn out to be
a documentation issue, but that's still a bug.)

Please link to this thread from the issue.
Gingko
Bob Archer
2010-11-17 14:40:17 UTC
Permalink
Post by Gingko
I want to configure it for allowing anonymous users to read it, but this
if I checkout (using TortoiseSVN), I am always asked to supply my password.
If I do it, the checkout works fine.
Otherwise I cannot checkout.
And if I click "OK" (in the TortoiseSVN authentication dialog)
without
giving any authentication (leaving all fields empty), I get the following
SASL(-1): generic failure: Unable to find a callback: 2
svnserve (from Subversion 1.6.12) runs on a Linux server with
Debian lenny
5.0 (64 bit edition).
-------------------------------------------------------------------
-----------------------------
[general]
anon-access = read
auth-access = write
realm = Référentiel Pouchin TV Mod
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
-------------------------------------------------------------------
-----------------------------
For SASL, I have also a "svn.conf" file in the "/etc/" directory, containing
the
-------------------------------------------------------------------
-----------------------------
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /var/lib/svn/sasldb
mech_list: DIGEST-MD5
-------------------------------------------------------------------
-----------------------------
Note that there is also an Apache access, running concurrently, which works
fine for anonymous reading. But I also want this anonymous access on
svnserve.
svnserve is configured for logging all accesses, but the log
doesn't record
anything during theses failing anonymous accesses.
svnserve is launched through the "inetd.conf" file, and the
corresponding
svn stream tcp nowait
www-data
/usr/bin/svnserve svnserve -i --log-file /var/log/svnserve.log -r
/var/lib/svn
I don't understand why it doesn't work.
Isn't it enough to set "anon-access = read" for allowing anonymous reading
access ?
Are you using path based authorization too?

BOb
Gingko
2010-11-17 18:26:39 UTC
Permalink
Post by Gingko
----- Original Message -----
Sent: Wednesday, November 17, 2010 3:40 PM
Subject: RE: svnserve : anonymous access not working
[......]
Isn't it enough to set "anon-access = read" for allowing anonymous reading
access ?
Are you using path based authorization too?
BOb
I'm sorry, but I'm not sure to understand you very well ...

What do you mean, exactly ?

Gingko
Bob Archer
2010-11-17 19:14:49 UTC
Permalink
-----Original Message-----
Sent: Wednesday, November 17, 2010 1:27 PM
To: Subversion User List
Subject: Re: svnserve : anonymous access not working
Post by Gingko
----- Original Message -----
List"
Post by Gingko
Sent: Wednesday, November 17, 2010 3:40 PM
Subject: RE: svnserve : anonymous access not working
[......]
Isn't it enough to set "anon-access = read" for allowing
anonymous
Post by Gingko
reading
access ?
Are you using path based authorization too?
BOb
I'm sorry, but I'm not sure to understand you very well ...
What do you mean, exactly ?
Gingko
Did you set up an authz file where you specify what users can access certain paths?

BOb
Gingko
2010-11-17 21:14:35 UTC
Permalink
Post by Gingko
----- Original Message -----
Sent: Wednesday, November 17, 2010 8:14 PM
Subject: RE: svnserve : anonymous access not working
-----Original Message-----
Sent: Wednesday, November 17, 2010 1:27 PM
To: Subversion User List
Subject: Re: svnserve : anonymous access not working
Post by Gingko
----- Original Message -----
List"
Post by Gingko
Are you using path based authorization too?
BOb
I'm sorry, but I'm not sure to understand you very well ...
What do you mean, exactly ?
Gingko
Did you set up an authz file where you specify what users can access certain paths?
BOb
Ok, I see what you mean.

No. I don't use any authz file in my configuration.

Gingko

Loading...