Bug 269323 - [regression] authentication fails with mod_auth_sspi or NTLM
Status: RESOLVED FIXED
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Mylyn
Version: 3.1
Hardware: PC Windows XP
Importance: P3 blocker
Target Milestone: 3.1.1
Assignee: Steffen Pingel CLA
Blocks: 271019
Reported: 2009-03-19 06:03 EDT by Achim Winkler CLA
Modified: 2009-06-02 08:44 EDT
CC List: 2 users
Attachments
mylyn/context/zip (5.32 KB, application/octet-stream), 2009-03-30 01:31 EDT, Steffen Pingel CLA
eclipse debug output (9.72 KB, text/plain), 2009-03-30 05:05 EDT, Achim Winkler CLA
fix (1.02 KB, patch), 2009-04-10 02:03 EDT, Steffen Pingel CLA
updated patch (1.53 KB, patch), 2009-04-10 22:16 EDT, Steffen Pingel CLA
Console log of "Validate settings" for TRAC connector (10.70 KB, text/plain), 2009-06-02 08:44 EDT, Jens H. Gabe CLA

Description Achim Winkler CLA 2009-03-19 06:03:52 EDT
Build ID: M20090211-1700

Steps To Reproduce:
After updating Mylyn to the latest version (v3.1) the Trac authentication does not work anymore. I changed nothing else and all worked perfectly before the update.

A look into the Apache logfile gives me the following information:

before the update:

ip - username [19/Mar/2009:10:30:01 +0100] "POST /project/login/xmlrpc HTTP/1.1" 200 168
ip - username [19/Mar/2009:10:30:01 +0100] "POST /project/login/xmlrpc HTTP/1.1" 200 3075

after the update:

ip - - [19/Mar/2009:10:04:22 +0100] "HEAD /project/login/xmlrpc HTTP/1.1" 401 -
ip - - [19/Mar/2009:10:04:22 +0100] "POST /project/login/xmlrpc HTTP/1.1" 401 401
ip - - [19/Mar/2009:10:04:22 +0100] "POST /project/login/xmlrpc HTTP/1.1" 401 401
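
Added example, not part of the original report: a small triage script for the two access-log excerpts above. It assumes Apache Common Log Format; the verdict labels and the reading of the user field (a 401 with `-` means the server logged no user name for that request) are this example's own heuristic.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Excerpts copied from the report ("ip" and "username" are the reporter's redactions).
BEFORE = '''\
ip - username [19/Mar/2009:10:30:01 +0100] "POST /project/login/xmlrpc HTTP/1.1" 200 168
ip - username [19/Mar/2009:10:30:01 +0100] "POST /project/login/xmlrpc HTTP/1.1" 200 3075
'''
AFTER = '''\
ip - - [19/Mar/2009:10:04:22 +0100] "HEAD /project/login/xmlrpc HTTP/1.1" 401 -
ip - - [19/Mar/2009:10:04:22 +0100] "POST /project/login/xmlrpc HTTP/1.1" 401 401
ip - - [19/Mar/2009:10:04:22 +0100] "POST /project/login/xmlrpc HTTP/1.1" 401 401
'''

def parse(line):
    """Return a dict for one log line, or None if it is not in Common Log Format."""
    m = CLF.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["user"] = None if rec["user"] == "-" else rec["user"]
    return rec

def triage(log_text):
    """Classify a burst of requests by what the server logged about identity."""
    recs = [r for r in map(parse, log_text.splitlines()) if r]
    counts = Counter()
    for r in recs:
        if r["status"] == 401:
            # 401 with a user name: a name was supplied but not accepted (heuristic);
            # 401 with "-": the server logged no user name for the request.
            counts["rejected" if r["user"] else "anonymous_401"] += 1
        elif r["user"]:
            counts["authenticated"] += 1
        else:
            counts["other"] += 1
    if counts["authenticated"]:
        verdict = "authenticated"
    elif recs and counts["anonymous_401"] == len(recs):
        verdict = "no identity logged"
    else:
        verdict = "inconclusive"
    return verdict, dict(counts)
```

`triage(BEFORE)` and `triage(AFTER)` return the verdict and per-category counts for each excerpt.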

Comment 1 Jörg Thönnes CLA 2009-03-19 09:25:29 EDT
Hi Achim,

did you check the Trac repository settings (user/pw) and use "Validate Settings"?

Jörg
Comment 2 Achim Winkler CLA 2009-03-19 10:04:44 EDT
Yes, of course. I always get the error "Unable to authenticate with repository. Login credentials invalid.". But the password is correct because my SVN access works perfectly with the same username and password.

Trac worked yesterday until I updated to the latest Mylyn version. I restarted Eclipse and Trac does not work anymore. I changed nothing else on my system or the server.
Comment 3 Jörg Thönnes CLA 2009-03-20 05:59:25 EDT
(In reply to comment #2)
> Yes, of course. I always get the error "Unable to authenticate with repository.
> Login credentials invalid.". But the password is correct because my SVN access
> works perfectly with the same username and password.
> 
> Trac worked yesterday until I updated to the latest Mylyn version. I restarted
> Eclipse and Trac does not work anymore. I changed nothing else on my system or
> the server.

I am also using the newest version from the weekly update site. This version has been promoted to the 3.1 release so the software should be the same.

If I have some time to switch to the real 3.1 release, I could test whether it continues to work for me (Trac 0.10.4).
Comment 4 Jens H. Gabe CLA 2009-03-25 03:56:50 EDT
I have the same issue.
After updating Mylyn and the Trac connector to version 3.1.0.v20090315-1500-e3x, I can no longer authenticate against my Trac repository, and it worked perfectly before.
I have tried removing the old and creating a new repository - no luck.
Comment 5 Steffen Pingel CLA 2009-03-25 13:36:25 EDT
Jens, Achim, can you provide details about configuration such as the version of Apache used, whether you use CGI and mod_python and basic auth or digest auth?
Comment 6 Jens H. Gabe CLA 2009-03-25 13:55:55 EDT
Sure:
Trac 0.11.2.1
Apache 2.0.62 (on WINDOWS)
mod_python (python 2.5)
mod_auth_sspi 1.0.4

Comment 7 Achim Winkler CLA 2009-03-26 04:27:59 EDT
Trac 0.11.1
Apache 2.2.9
mod_ssl 2.2.9
OpenSSL 0.9.8h
mod_auth_sspi 1.0.4
mod_python with Python 2.5

We use SSL for our Subversion and Trac access.

Maybe it has something to do with SSL or mod_auth_sspi...

Apache configuration:

<LocationMatch /[[:alnum:]_-]+/login/xmlrpc>
    SSLRequireSSL
    SVNParentPath D:/subversion
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain <domaincontroller>
    SSPIOfferBasic On
    SSPIBasicPreferred On
    SSPIOmitDomain On
    SSPIUsernameCase lower
    AuthzSVNAccessFile "C:/Program Files/Apache/conf/svnaccess"
    Require valid-user 
</LocationMatch>
Comment 8 Jens H. Gabe CLA 2009-03-26 04:58:08 EDT
We do not use SSL (as the server is not public).
But mod_auth_sspi does seem to light up as the common ground...
Comment 9 Steffen Pingel CLA 2009-03-30 01:31:42 EDT
I am not able to reproduce the error due to a lack of a Windows Trac test setup. It would be helpful if someone could post the headers of a failed Trac request following these instructions to enable debug output: http://wiki.eclipse.org/Mylyn/FAQ#How_do_I_enable_debugging_output_for_network_communications.3F . Please make sure to remove any private information before posting the headers.
Comment 10 Steffen Pingel CLA 2009-03-30 01:31:54 EDT
Created attachment 130199
mylyn/context/zip
Comment 11 Achim Winkler CLA 2009-03-30 03:24:29 EDT
Hmm, I can't get it working. That's the contents of my ini file:

256M
-startup
plugins\org.eclipse.equinox.launcher_1.0.101.R34x_v20081125.jar
-showsplash
org.eclipse.platform
--launcher.XXMaxPermSize
256m
-vmargs
-Dosgi.requiredJavaVersion=1.5
-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
-Dorg.apache.commons.logging.simplelog.showlogname=true
-Dorg.apache.commons.logging.simplelog.defaultlog=off
-Dorg.apache.commons.logging.simplelog.log.httpclient.wire.header=debug
-Dorg.apache.commons.logging.simplelog.log.org.apache.commons.httpclient=off
-Dorg.apache.commons.logging.simplelog.log.org.apache.axis.message=debug
-Dorg.apache.commons.logging.simplelog.log.httpclient.wire.content=debug
-Xms40m
-Xmx256m

I started cmd.exe and now Eclipse.exe but I do not get any logs.
Comment 12 Steffen Pingel CLA 2009-03-30 04:03:51 EDT
Can you try to start eclipse with "-consolelog"? This might be required on Windows for Eclipse to have a console to write to. 
Comment 13 Achim Winkler CLA 2009-03-30 05:05:40 EDT
Created attachment 130211
eclipse debug output
Comment 14 Steffen Pingel CLA 2009-04-02 07:48:30 EDT
I have committed a fix for NTLM authentication. It would be great if you could verify that the problem is fixed in the latest weekly build (3.2.0.I20090402-1000) of the Trac connector. It is available from this update site: http://download.eclipse.org/tools/mylyn/update/weekly/extras
Comment 15 Achim Winkler CLA 2009-04-02 09:32:59 EDT
Seems to work again. Thx!
Comment 16 Jens H. Gabe CLA 2009-04-02 15:57:34 EDT
Works fine here also - thanx for the quick fix :-)
Comment 17 Steffen Pingel CLA 2009-04-10 02:03:16 EDT
Created attachment 131484
fix
Comment 18 Steffen Pingel CLA 2009-04-10 02:17:11 EDT
Achim, Jens, thanks for the feedback. Marking resolved.
Comment 19 Steffen Pingel CLA 2009-04-10 22:16:51 EDT
Created attachment 131535
updated patch
Comment 20 Dan G. Switzer, II CLA 2009-04-23 22:14:03 EDT
I believe this is the same issue I was facing. I had 3.1.1.v20090411-0400.e3x installed, but calls via HTTP were not sending the basic authentication header (I verified this using an HTTP proxy.)

I tried upgrading to the 3.2 weekly build, but that fared no better.

I ended up having to disable all the Mylyn plug-ins and then go through and uninstall every version but the base v3.0.5 that came with my Ganymede install. 

Rolling back to v3.0.5.v20090218-1800-e3x and then installing the Trac connector has resolved the issue for me.
Comment 21 Steffen Pingel CLA 2009-04-23 22:22:48 EDT
Dan, it would be helpful if you could provide additional details about your configuration such as the Apache authentication module used etc. to help reproduce the problem. The existing test cases for basic authentication all pass with the latest version of the Trac connector.
Comment 22 Dan G. Switzer, II CLA 2009-04-23 22:44:03 EDT
Here you go:

Apache 2.2.4
Trac 0.10.4
Python 2.4
XMLRPC Plug-in 0.10 (r5577)
mod_auth_sspi v1.0.4.2.2.2

I'm also using a self signed cert and force everything through HTTPS.

What's weird is watching the HTTP traffic, the authentication header just never gets sent. I wish I would have saved my HTTP logs, but all I was seeing was 3 consecutive failed requests to: https://server/xmlrpc/login

None of the requests passed the basic authentication header. All of the versions of Mylyn that do work pass the header.

Here's my location info:

<Location />

    AuthName "server info"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    # set the domain to authorize against
    SSPIDomain [domain]
    SSPIOfferBasic On     # let non-IE clients authenticate
    SSPIOmitDomain On     # keep domain name in userid string
    SSPIBasicPreferred On # basic authentication should have higher priority

    # require the Trac Users group
    require group "[group name]"
</Location>

Also, as I said, I am using SSL with a self-signed 128-bit cert.

Let me know if you need more info.
Comment 23 Steffen Pingel CLA 2009-04-23 23:10:09 EDT
Would you be able to set up a separate instance of Eclipse with the latest release of Mylyn? It would be very helpful to see the debug output that can be enabled following these instructions and starting eclipse with -consolelog:

http://wiki.eclipse.org/Mylyn/FAQ#How_do_I_enable_debugging_output_for_network_communications.3F
Comment 24 Jens H. Gabe CLA 2009-06-02 07:59:51 EDT
I've updated my Trac connector to version 3.2.0.I20090529-0600-e3x and today to version 3.2.0.I20090531-0500-e3x, but none of them works against our SSPI auth setup (We have not changed anything on the server since comment #6 in March).

As I wrote back in the beginning of April, version 3.2.0.I20090402-1000 did work!
Comment 25 Jens H. Gabe CLA 2009-06-02 08:44:11 EDT
Created attachment 137988
Console log of "Validate settings" for TRAC connector