[cvsnt] Re: Password file in addition to NT Authentication?

[Siegfried Heintze]

>> I'm using pserver only because that seems to be simplest and I'm trying
to
>> grant someone else (Marty) access to my repository.
>
>SSPI is actually a little simpler still.  As long as Marty has a valid 
>account that will allow access to your machine (on the machine or in a 
>trusted domain) then he can use that account to connect in a reasonably 
>secure manner.

So SSPI is already running on the server and I don't have to change anything
on the server? I would think I would at least have to disable the pserver so
no one would use it to compromise my security.

>readers / writers files:  Files in CVSROOT that control overall status 
>to the repository.  Controls only at the entire repository level, user 
>based.
>

In which document are these described? I have not see them in the
documentation.


>The simplest way to grant him access is to:
>1)  Make sure that Marty's user account on W2003 allows him control on 
>the repository files.
>

All of them? Directories too?

>
>If you don't want to create a Win2003 account for Marty then you can add 
>him to the passwd file with the "cvs passwd" command.  I suggest the 
>SSPI setup described above since it's dead simple.
>

Ah hah! That is what the passwd command is for! I kept trying to use it with
pserver in June or May and I could not get it to work. Does the passwd
command only work with SSPI? If so, that would explain my frustration!

I thought I read somewhere that creating NT accounts was more secure. Now I
think you are telling me that SSPI using the passwd command is more secure.
Is that correct? Perhaps I'm mistaken.

>
>You don't necessarily need to.  The default setting "Use System 
>Authentication" tells CVSNT to try and validate against the Win user 
>accts anyway.
>

Where is this setting?

Thanks,
         Siegfried