Solution to possible SmartSVN’s SASL authentication problems

For svnserve, SASL is configured in the sasl section of conf/svnserve.conf, see below.

Depending on the Java Virtual Machine settings, high values for min-encryption may cause the authentication to fail. A solution is either to decrease this value or to upgrade the JVM to support the requested cipher strength.

Another cause for failures may be usage of too old JVMs. SASL authentication requires Java 1.5 or higher.

A working example

The conf/svnserve.conf file.
For details refer to here.

In /etc/sasl2 there are following files:


-rw-r--r-- 1 root root 49152 Apr 01 2009 sasldb_svn
-rw-rw-rw- 1 root root 135 Apr 01 2009 svn.conf

The /etc/sasl2/svn.conf is automatically read by svnserve (because it advertises itself as "svn").
Its list contains all possible mechanisms to use. When it comes to a handshake only those are used that satisfy svnserve.conf conditions (anonymous access support, encryption support, etc). Users and their passwords are validated against sasldb_svn database. A possible output of


# sasldblistusers2 /etc/sasl2/sasldb_svn

might look like:


alex@svnkit.com: password
ivan@somewhereelse: password

Only alex has access to the repository with “svnkit.com” realm.