[cvsnt] Re: Linux and Windows Single-Sign-On
Tony Hoyle
tmh at nodomain.org
Wed May 12 18:07:05 BST 2004
On Wed, 12 May 2004 12:45:16 -0400, "Jess Murphy" <jessm at OWWCO.com>
wrote:
>>authenticate against the repository they are trying to access on the
>Debian box. This works great with Samba/Winbind and native Windows
>applications but I have not been able to do this with CVSNT. What do
>you suggest?
>
PAM should allow this, as long as the users exist in some form on the
Linux box (which I assume they do from your description). You can't
use SSPI authentication which I assume you're talking about as it's
not supported on Linux, so you're down to pserver,sserver and ssh -
They'll still need to login, though. If security is an issue I
recommend sserver or ssh.
The samba developers have spend years making their software
interoperate seamlessly. There isn't a realistic hope of cvsnt using
this method of authentication as it's all tied into the samba core and
not in a state that can be used.
You could also bypass the whole authentication and setup
gserver/kerberos authentication, but running a linux server against AD
is nontrivial (it seems to work as a client, but the server generally
fails.. Someone with enough AD/Kerberos experience may be able to get
it going though).
Tony
More information about the cvsnt
mailing list