[cvsnt] Re: Authentication problems
Tony Hoyle
tmh at nodomain.org
Fri Aug 13 14:37:37 BST 2004
Thomas Keller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello there!
>
> I recently tried to upgrade from cvs to cvsnt on my Redhat 7.3 box. I setupped
> a chrooted jail for the "normal" cvs which worked quite fine for months. Now
> after I copied the newly compiled cvsnt binaries and other needed libs
> (kerberos and stuff) into the jail the cvs access fails with
>
> cvs [login aborted]: bad auth protocol start: BEGIN AUTH REQUEST
You can't just copy the files from CVSNT into a chroot jail and expect
it to work. You'd have to duplicate the all the library paths and
dependencies exactly to have any hope, which defeats the point of a chroot.
It's more secure to let CVSNT do the chroot itself (Requires 2.0.51b or
later). Set the Chroot variable in /etc/cvsnt/PServer and it'll chroot
after doing the authentication - you no longer need to put any libraries
in the chroot which is much safer (it just needs a /tmp to put the
temporary files in).
Tony
More information about the cvsnt
mailing list