mod_auth_kerb: request is a replay? - Kerberos

This is a discussion on mod_auth_kerb: request is a replay? - Kerberos ; I'm now try to build svn authentication via http and Kerberos, by mod_auth_kerb, the content of httpd.conf like this: DAV svn SVNParentPath /var/www/html/docs/repos AuthType Kerberos AuthName "Kerberos" Krb5Keytab /opt/http.keytab Require valid-user Then I used svn on Linux and TortoiseSVN on ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: mod_auth_kerb: request is a replay?

  1. mod_auth_kerb: request is a replay?

    I'm now try to build svn authentication via http and Kerberos, by
    mod_auth_kerb, the content of httpd.conf like this:

    DAV svn
    SVNParentPath /var/www/html/docs/repos
    AuthType Kerberos
    AuthName "Kerberos"
    Krb5Keytab /opt/http.keytab
    Require valid-user


    Then I used svn on Linux and TortoiseSVN on Windows to checkout the
    repos:
    svn co http://hostname/repos/sysdam

    But the several times' results are always not consistent, like this:
    [root@docs tmp]# svn co http://docs.shopex.cn/repos/sysadm
    Authentication realm: Kerberos
    Password for 'rocky':
    svn: REPORT request failed on '/repos/sysadm/!svn/vcc/default'
    svn: Not authorized to open root of edit operation
    [root@docs tmp]# svn co http://docs.shopex.cn/repos/sysadm
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Username: rocky
    Password for 'rocky':
    svn: REPORT request failed on '/repos/sysadm/!svn/vcc/default'
    svn: Not authorized to open root of edit operation
    [root@docs tmp]# svn co http://docs.shopex.cn/repos/sysadm
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Password for 'rocky':
    Authentication realm: Kerberos
    Password for 'rocky':
    A sysadm/index.t2t
    A sysadm/sa_svn.t2t
    A sysadm/mindmap
    A sysadm/sa_fs_backup.t2t
    A sysadm/sa_mailman.t2t
    A sysadm/mm_images
    A sysadm/sa_aa_openldap.t2t
    Checked out revision 24.
    [root@docs tmp]# cd sysadm/
    [root@docs sysadm]# svn update
    Authentication realm: Kerberos
    Password for 'rocky':
    A sa_aa_kerberos.t2t
    Updated to revision 24.
    [root@docs sysadm]# svn update
    svn: Failed to add directory 'mindmap': object of the same name
    already exists

    Even the 'checkout' was 'done', I found some files/dirs are missed!

    And there are many records in apache's logs/error.log
    [Thu Apr 05 12:30:18 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:30:18 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:31:05 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:31:05 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:31:05 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:31:07 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay
    [Thu Apr 05 12:31:07 2007] [error] [client 192.168.0.98] failed to
    verify krb5 credentials: Request is a replay

    I accessed the repos via firefox browser, the:
    [Thu Apr 05 12:34:49 2007] [error] [client 192.168.0.64] failed to
    verify krb5 credentials: Request is a replay
    remains, but the result seems ok.

    So what is wrong?

    Thank you.


  2. Re: mod_auth_kerb: request is a replay?

    I just add a option:
    KrbVerifyKDC off
    then it works.

    But I still not very clear about the reasons...?


+ Reply to Thread