0

System information

  • Server: Apache 2.2
  • Subversion: 1.8

We are using Kerberos + Apache + Subversion. We have until recently been using Subversion 1.5's dav_svn module. We are attempting to update to 1.8.

When a client runs a long checkout with the 1.8 based dav_svn module, the following error message is emitted.

[Thu May 15 22:30:29 2014] [error] [client 283.10.15.26] gss_accept_sec_context() failed: The referenced credential has expired (, )

The client can renew its tickets, but it appears apache is stuck dealing with the first one. Any ideas on what I can check next?

Andrew B
  • 32,588
  • 12
  • 93
  • 131
JonnyRo
  • 101
  • 1
  • 1
    It might be easier overall to increase the ticket lifetime in the kerberos policy for that principal. – Matthew Ife May 16 '14 at 18:57
  • That is actually the workaround we used. That being said, its interesting that this error occurs with subversion 1.8 and not with subversion 1.5 – JonnyRo May 16 '14 at 19:13

1 Answers1

0

It looks like a bug in Serf library used by Subversion 1.8 for HTTP access. Could you please eport this problem to Serf project issue tracker: https://code.google.com/p/serf/issues/list

The problem didn't occur with Subversion 1.5 because Subversion 1.8 uses so-called 'skelta mode' for checkouts and updates. Skelta mode uses one HTTP request and response per resource that needs to be fetched from the server, whereas bulk update mode fetches all resources in one massive response: http://subversion.apache.org/docs/release-notes/1.8.html#serf-skelta-default

As workaround you may add 'SVNBulkUpdates prefer' Apache directive to your server config to force Subversion clients use old bulk update mode that uses one big request for checkout/update.

Ivan Zhakov
  • 1,836
  • 14
  • 15