[cvsnt] pserver authorization problems
David Jackman
David.Jackman at fastsearch.com
Sat Jan 7 15:26:29 GMT 2006
I started playing around with the CVSNT server settings and found that
if I change the "Run as user" setting from "(client user)" to a named
user account on that server machine (doesn't seem to matter which user I
use), then pserver works for all users. Is this the account CVSNT uses
if it can't find the user account that the particular cvs user is
supposed to be using (instead of just reporting an error and aborting)?
If so, then the question still remains why can't CVSNT find the user?
The accounts exist (I tried local accounts and domain accounts)--is it
that CVSNT can't find them or it isn't able to run as that user? Is
there any error log information that gives more details about what's
going on? I assume that if I continue to run CVSNT as a specific user
instead of (client user) then I won't be able to control access
permissions using the normal NTFS security, which I need to be able to
do.
..David..
-----Original Message-----
From: David Jackman
Sent: Saturday, January 07, 2006 7:46 AM
To: 'bo.berglund at telia.com'; cvsnt at cvsnt.org
Subject: RE: [cvsnt] pserver authorization problems
It's not the slashes. I've tried it with and without slashes that are
and aren't escaped and nothing works. Where do I go from here? It
seems pserver protocol won't work at all for any users (domain or
otherwise).
..David..
-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf
Of Bo Berglund
Sent: Friday, January 06, 2006 4:47 PM
To: cvsnt at cvsnt.org
Subject: Re: [cvsnt] pserver authorization problems
On Fri, 6 Jan 2006 16:09:44 -0700, "David Jackman"
<David.Jackman at fastsearch.com> wrote:
>As I've continued to search, I've found others asking essentially the
>same question and also getting no solutions. In my case, after playing
>with it a bit, it seems the pserver protocol doesn't want to work at
>all.
>
>I'm following the advice given on
>http://web.telia.com/~u86216177/InstallCVSNT25.html and using the sspi
>protocol to add users. I've added regular users and alias users in
>addition to domain users (which is what I want to use). All the users
Since I am not on a domain at home (where I do the testing) I cannot
handle the domain issues at all. So any problems stemming from domain
usage is beyond my capabilities, I'm afraid...
>appear to add correctly (I can see them in the passwd file). But when
>I
How did they look in the passwd file? With doubled up backslashes or
what?
>attempt to login to my repository using pserver, I get "Fatal error,
>aborting. cvs [login aborted]: <username>: no such user". If I enter
>an incorrect password, I instead get an authorization failed message.
>So I think I'm authenticating successfully (which must mean it found my
>user listing), then it's dying somewhere else.
I believe that CVSNT will first check the credentials you supply with
your call (the user from your CVSROOT and the password you give).
Then after this is OK it goes on to the "upper level" authentication and
checks the user there. Then it is discovered that there is no such user
at all and authentication fails.
If you enter a non-existing username then the failure will be earlier I
believe and the error messages are different.
However, I just did some tests on my test W2003 server running CVSNT
2.5.03.2182 trying to log in with accounts that are set up in the passwd
file but do not exist in the server itself.
The strange thing is that I get the following messages:
Logging in with an existing cvs user which does not exist in Windows:
- Login seems to succeed, no error message at all
- but when I try cvs ls as an operation using the account "kalle" who is
a cvs user with no real account:
c:\>set CVSROOT=:pserver:kalle at w2003srv:/PC
c:\>cvs login
Logging in to :pserver:kalle at w2003srv:2401:/PC CVS Password:
So this succeeds apparently...
c:\>cvs ls
audit_trigger error (session): attempt to write a readonly database
Audit trigger initialiasation failed:
cvs server: Pre-command check failed
Different result from yours...
Then with a totally non-existing account:
c:\>set CVSROOT=:pserver:charlie at w2003srv:/PC
c:\>cvs login
Logging in to :pserver:charlie at w2003srv:2401:/PC
CVS Password:
cvs [login aborted]: authorization failed: server w2003srv rejected
access to /PC for user charlie
Which must happen early on.
/Bo
(Bo Berglund, developer in Sweden)
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list