[cvsnt] Re: Windows vs Linux: Authentication
Tony Hoyle
tmh at nodomain.org
Wed Nov 24 01:17:04 GMT 2004
nick.minutello at uk.bnpparibas.com wrote:
> Now, more recently, I have discovered that (using tortoisecvs), I can
> authenticate (still using pserver) using my nt password (for domain NT
> account)
If you set it to allow this (SystemAuth=Yes) than that is what happens... :)
> 1) does the nt authentication only work if using cvsnt client (ie
> tortoise)? (I am pretty sure our intellij users are also using their domain
> passwords..)
Not for pserver..anyone can use it. However it's *strongly* recommended
that you don't use domain passwords with pserver as it's trivial to
sniff them over the wire.
Use sserver, sspi or gserver if you're using domain authenication - sspi
is recommended for simplicity, gserver (provided everyone is in the
active directory) for security.
> 2) is the passwd file required at all if using nt authentication with
> pserver?
If SystemAuth=Yes the passwd file is not used except to provide pserver
passwords. If a user/password isn't in the passwd file their domain
password is used.
> Now, we are planning to move our server to a new linux (redhad AS) server.
> Is the passwd file the recommended approach on linux (we prefer admin
> simplicity over tight security)?
> Will NT auth work on linux?
CVSNT for Linux supports SSPI via winbind (but not SSPI encryption) and
authentication via PAM provided the linux machine is a member of the
domain and configured correctly... if you've not done it before and are
unfamiliar with Linux get an expert in (or CVSNT support contract!).
sserver and gserver are supported in the same way (gserver can be
configured to use the Active Directory to autenticate, but that's a bit
difficult to set up).
Tony
More information about the cvsnt
mailing list