I see that in the latest development snapshot, in
HKEY_LOCAL_MACHINE\Software there are now two keys for CVSNT: "Cvsnt"
and "CVS". I think it would be better to have just one key. Is that what
you are planning on doing (merging HKLM\Software\CVS to
HKLM\Software\Cvsnt and merging HKLM\Software\CVS\Pserver into
HKLM\Software\CVS\server)?

Also, here is a one-line patch that prevents the client from giving away
delegation privileges to the server. Delegation is fairly dangerous and
is not needed for CVSNT as far as I can tell (impersonation lets the
server act as the client on the local server; delegation lets the server
act as the client locally _and_ over the network). NTLM doesn't support
delegation anyway; if you run the :sspi: authentication code in a
debugger, you will see that InitializeSecurityContext actually clears
the "delegation" flag unless the server has been given extra privileges
by the domain administrators.

Thanks,
Brian
--
? ufc-crypt/Debug
Index: protocols/sspi.c
===================================================================
RCS file: /usr/local/cvs/cvsnt/protocols/sspi.c,v
retrieving revision 1.9.2.1
diff -u -r1.9.2.1 sspi.c
--- protocols/sspi.c    3 Mar 2002 12:59:56 -0000       1.9.2.1
+++ protocols/sspi.c    4 Mar 2002 05:42:45 -0000
@@ -91,7 +91,6 @@
        const ULONG contextRequirements = ISC_REQ_REPLAY_DETECT   |
                                                                          
ISC_REQ_SEQUENCE_DETECT |
                                                                          
ISC_REQ_CONFIDENTIALITY |
-                                                                         
ISC_REQ_DELEGATE        |
                                                                          
ISC_REQ_MUTUAL_AUTH;

        assert(verify_only == 0);
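Review bot: The contextRequirements initializer at line 91 drops ISC_REQ_DELEGATE without a comment recording why, so a later edit could quietly restore it. Add a short comment above the mask stating that delegation is deliberately not requested because the server only needs impersonation. Since ISC_REQ_MUTUAL_AUTH and ISC_REQ_CONFIDENTIALITY are still requested here, it is also worth confirming that the attributes returned by InitializeSecurityContext are checked (ISC_RET_MUTUAL_AUTH, ISC_RET_CONFIDENTIALITY, and that ISC_RET_DELEGATE is absent), because a requested flag is not guaranteed to be granted. That code is not visible in this hunk.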
--

_______________________________________________
Cvsnt mailing list
[EMAIL PROTECTED]
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
