服务器的身份验证错误:SASL(-13):找不到用户:无法进行canonify
[英]Authentication error from server: SASL(-13): user not found: unable to canonify
问题描述
Ok, so I'm trying to configure and install svnserve on my Ubuntu server. 
好的,所以我正在尝试在我的Ubuntu服务器上配置和安装svnserve。 So far so good, up to the point where I try to configure sasl (to prevent plain-text passwords). 到目前为止一直很好,直到我尝试配置sasl(以防止纯文本密码)。
So; 所以; I installed svnserve and made it run as a daemon (also installed it as a startup script with the command svnserve -d -r /var/svn ). 我安装了svnserve并使其作为守护程序运行(也使用命令svnserve -d -r /var/svn将其安装为启动脚本)。
My repository is in /var/svn and has following configuration (to be found in /var/svn/myrepo/conf/svnserve.conf) (I left comments out): 我的存储库位于/var/svn并具有以下配置(可在/var/svn/myrepo/conf/svnserve.conf)找到/var/svn/myrepo/conf/svnserve.conf) (我留下了注释):
[general]
anon-access = none
auth-access = write
realm = my_repo
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
Over to sasl, I created a svn.conf file in /usr/lib/sasl2/ : 在sasl上,我在/usr/lib/sasl2/创建了一个svn.conf文件:
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/my_sasldb
mech_list: DIGEST-MD5
I created it in that folder as the article at this link suggested: http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl (and also because it existed and was listed as a result when I executed locate sasl ). 我在该文件夹中创建了它,如本链接中的文章所示: http : //svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl (也因为它存在并且在我执行locate sasl时被列为结果。
Right after that I executed this command: 在那之后我执行了这个命令:
saslpasswd2 -c -f /etc/my_sasldb -u my_repo USERNAME
Which also asked me for a password twice, which I supplied. 这也问我两次密码,我提供了。 All going great. 一切都很好。 When issuing the following command: 发出以下命令时:
sasldblistusers2 -f /etc/my_sasldb
I get the - correct, as far as I can see - result: 我得到了 - 正如我所看到的那样 - 结果:
USERNAME@my_repo: userPassword
Restarted svnserve, also restarted the whole server, and tried to connect. 重启svnserve,也重启了整个服务器,并尝试连接。 This was the result from my TortoiseSVN client: 这是我的TortoiseSVN客户端的结果:
Authentication error from server: SASL(-13): user not found: unable to canonify
user and get auxprops
I have no clue at all in what I'm doing wrong. 我完全不知道自己做错了什么。 I've been scouring the web for the past few hours, but haven't found anything but that I might need to move the svn.conf file to another location - for example, the install location of subversion itself. 过去几个小时我一直在网上搜索,但除了我可能需要将svn.conf文件移动到另一个位置之外没有找到任何东西 - 例如,subversion本身的安装位置。 which svn results in /usr/bin/svn , thus I moved the svn.conf to /usr/bin (although that doesn't feel right to me). which svn导致/usr/bin/svn ,因此我将svn.conf移动到/usr/bin (虽然这对我来说不合适)。
Still doesn't work, even after a new reboot. 即使在重新启动后仍然无法正常工作。
I'm running out of ideas. 我的想法已经不多了。 Anyone else? 还有谁?
EDIT 编辑
I tried changing this (according to what some other forums on the internet told me to do): in the file /etc/default/saslauthd , I changed 我尝试改变这个(根据互联网上的一些其他论坛告诉我要做的):在文件/etc/default/saslauthd ,我改变了
START=no
MECHANISMS="pam"
to 至
START=yes
MECHANISMS="sasldb"
(Actually I had already changed START=no to START=yes before, but I forgot to mention it). (实际上我之前已经将START=no更改为START=yes ,但我忘了提及它)。 But still no luck (I did reboot the whole server). 但仍然没有运气(我确实重启了整个服务器)。
2 个解决方案
解决方案1
1 2014-02-27 12:49:24
I looked in /var/log/messages and found 我查看了/ var / log / messages并找到了
localhost svnserve: unable to open Berkeley db /etc/sasldb2: No such file or directory localhost svnserve:无法打开Berkeley db / etc / sasldb2:没有这样的文件或目录
When I created the sasldb to the above file and got the permissions right, it worked. 当我将sasldb创建到上面的文件并获得权限时,它工作。 Looks like it ignores or does not use the sasl database path. 看起来它忽略或不使用sasl数据库路径。
There was another suggestion that rebooting solved the problem but that option was not available to me. 还有另一个建议,重新启动解决了问题,但我无法使用该选项。
解决方案2
1 已采纳 2015-05-08 06:52:31
It looks like svnserve uses default values for SASL... 看起来svnserve使用SASL的默认值...
Check /etc/sasl2/svn.conf to be readable by the svnserver process owner. 检查/etc/sasl2/svn.conf是否可供svnserver进程所有者读取。 If /etc/sasl2/svn.conf is owned by user root, group root and --rw------, svnserve uses the default values. 如果/etc/sasl2/svn.conf由root用户root,group root和--rw ------拥有,则svnserve使用默认值。 You will not be warned by any log file entry.. 任何日志文件条目都不会警告您。
see section 4 of https://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt : 请参阅https://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt的第4部分:
This file must be named svn.conf, and must be readable by the svnserve process.
I recommend to install the package cyrus-sasl2-doc and to read the section Cyrus SASL for System Administrators carefully. 我建议安装软件包cyrus-sasl2-doc并仔细阅读Cyrus SASL for System Administrators一节。
I expect this is caused by the SASL API for the call 我希望这是由呼叫的SASL API引起的
result = sasl_server_new(SVN_RA_SVN_SASL_NAME,
hostname, b->realm,
localaddrport, remoteaddrport,
NULL, SASL_SUCCESS_DATA,
&sasl_ctx);
if (result != SASL_OK)
{
svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
sasl_errstring(result, NULL, NULL));
SVN_ERR(write_failure(conn, pool, &err));
return svn_ra_svn__flush(conn, pool);
}
as you may see, handling the access failure by svnserve is not foreseen, only Ok or error is expected... 正如您所看到的,未预见到svnserve处理访问失败,只有Ok或预期错误...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.