[Cvsnt] Secure Linux Client Access
Brian Smith
brian-l-smith at uiowa.edu
Tue Feb 12 18:03:45 GMT 2002
Jonah Tsai wrote:
>
> On Friday, February 8, 2002, at 07:15 PM, Brian Smith wrote:
>
> have exactly one user that would like to access the CVS repository
> from a linux box. The server is CVSNT with NTSERVER authentication.
> What
> is the easiest way to support this one user's linux client in a secure
> manner? I want to support this user without affecting all the other
> users that all (will) use TortoiseCVS in NTSERVER mode.
>
> I know this user can interact with our domain's KDC so that he can use
> his Windows 2000 domain login on his linux box. Is there some way to
> use
> NTSERVER mode with the linux client? Or do I have to do something
> special to enable full Kerberos support on server side? If I have to
> set
> up Kerberos on the server, where can I find information about how to do
> it? The README.NT just says "consult a Kerberos expert."
>
>
> I am no Kerberos expert. By no means that I proclaim being a Kerberos
> expert by answering this question here!!!
>
> Basically, you need to do these:
> 1. on the KDC, add a cvs/<cvsservername>.<REALM> service principal with
> random key.
> 2. add/export this service key to the krb5.keytab (krb5kt on Windows) on
> the CVS server,
> 3. configure the CVS server to use the KDC which holds the service key
> (krb5.conf on Unix, krb5.ini on Windows).
Thanks for the help! Actually, our Kerberos KDC's are Windows 2000
Active Directory, not Unix. But, I think I can get things to work with
AD okay according to these instructions.
Thanks again,
Brian
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list