[CentOS] complicated svn, apache, krb5 and selinux problem

Wed Nov 27 21:19:34 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

CentOS 6.4.

We've got a subversion repo on a server. Currently, it's set to use krb5.
Trouble is, the krb5.conf is set up to use pcscd authentication (using PIV
cards). Whether anything else on the server needs it, it appears that when
people issue certain svn commands (I haven't nailed down which), the thing
tries to look at the pcscd.pid... and selinux complains that this is
naughty. (We're in permissive mode.)

I don't know deeply enough if anything else really needs to do this on the
server, but I'd like to fix it so that doing svn stuff does *not* invoke
that call. It *appears* if I comment out the pkinit_identities, we don't
get the error (for obvious reasons).

Ideally, I'd like to find some way to configure subversion - maybe in the
/etc/httpd/conf.d/subversion.conf - so that it doesn't try that, but we
*do* want it to do password krb5 authentication.

Does this make sense? If so, is it do-able?

       mark, back at googling