Kind of similar question... Still using build 27, but I have some background to the pserver / ntserver authentication issue, and I also saw a note on the devguy site about :pserver not working on NT.
I am using pserver authentication on NT, and it does work, if: a) You are also admin on the server (not perhaps too practical!), OR b) You use a *different* login name to any accounts that exist. What happens if you try to use the same login name, but different password (to protect plain text pwds), is that CVS gets as far as creating temp files, then can't move them into the cvsroot tree as ntserver impersonation seems to be still working (though you've not asked for it) and appears (by looking at who owns the temp files) to make them owned by the login name. I assume, cvs has the wrong password now as it has the NT login name, but CVS password. CVS.exe then freezes, trying to move them. Anyway, that's my diagnosis, and my workround is to use different CVS names. Perhaps in pserver mode cvs should make the files owned by system? Is this of any help, Tony? > I changed the subject since 'no subject really does little to create a > good thread...) > > Some answers: > 1. Yes, I think so with 1.11.1.x and up, with 1.10.8 the > authentication is done only on the password file for :pserver: and if > a user is validated there CVSNT accepts the connection. I am still > using 1.10.8 so i don't know for sure. > > 2. Same cleartext *never* generates the same encrypted string! Easily > tested by repeating the generation a few times over. However all of > these different encrypted string generate some kind of common > validation against the given password. Some UNIX magic I suppose. > > 3. As is described here many times by me and Terris: > Put the repository on a disk where there is NOT ONE SINGLE share. Then > lock away the CVS server in a server room and hide the keys. Now the > users MUST use CVS to access the repository and they can do no harm. > > /Bo > > On Tue, 27 Nov 2001 00:11:14 +0000 (UTC), "Yeh, Tean-Shong (Bob)" > <[EMAIL PROTECTED]> wrote: > > >server: CVSNT 1.11.1.2 build 41, installed on NT 4.0 D:\CVS > >client WINCVS 1.2 > > > >Set my CVSROOT to :pserver:userdom\yeht@cvsntserver:d:\cvs, SystemAuth=yes. > >User yeht on domain userdom can access cvs server cvsntserver. No problem. > > > >Cnage SystemAuth=no. Bounce the CVS service. It is still trying to > >authenticate the user yeht using the NT domain. Can't figure it out why. > > > >more questions: > >1. If SystemAuth=no, does the user id in the passwd file still need to be > >one of the network user id? > >2. When using pwgen.exe to generate password, does the same clear text > >always produce the same encrypted string? > >3. I can't find a good way to prevent CVS users mess around the repository. > >I have to give them the r/w permission for them to login in but I don't want > >them to create directory in certain places. Any suggestions? > > > >Thanks > >Bob > >_______________________________________________ > >Cvsnt mailing list > >[EMAIL PROTECTED] > >http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt > > _______________________________________________ > Cvsnt mailing list > [EMAIL PROTECTED] > http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt _______________________________________________ Cvsnt mailing list [EMAIL PROTECTED] http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
