[cvsnt] SSPI Authentication Lifetime?
Jon McLin
jmclin at andigilog.com
Sun Aug 8 20:28:27 BST 2004
When a user authenticates to CVS using SSPI, what determines the
lifetime of the authentication? We have observed what seems to be a
security issue with respect to this, so I am trying to understand the
behavior.
In our application, we have CVSNT 2.041a running on an NT4 server to
control production software. A limited number of users (the software
developers) can access the repository via Windows permissions (members
of group 'CVS Users').
Our client software is TortoiseCVS, and, in the developers' IDE, "cvs
proxy" (SCC API) from pushok software (pushok.com). Both of these
clients use CVSNT as the CVS component.
Here's the issue:
On a QA machine, configured as a production machine, a developer logged
in as a non-privileged user and checked out and checked in some files
(as part of our qualification plan). He used his login name in CVSROOT,
since the user logged into the PC did not have CVS privileges. The
first time he connected, a password dialog appeared. Subsequent
invocations do not result in a password dialog. This behavior persists
even though the non-privileged user has logged off of the machine, and
back on.
The consequence of this is that the non-privileged user now effectively
has full privileges on CVS. This is a bad thing.
Why does this occur? What is the lifetime and scope of an
authentication in CVSNT? Is there a way to forcibly terminate these
privileges?
Best regards,
Jon McLin