[cvsnt] PAM Winbind linux cvsnt
Unbehagen, Bret Earl (SD)
beunbehagen at liberty.edu
Fri May 12 12:55:26 BST 2006
I have been trying to install cvsnt on my RHEL3 server using PAM
winbind.so. I did the following
1. tar -xvzf cvsnt-2.5.03.2260.tar.gz
cd cvsnt-2.5.03.2260.tar.gz
2. ./configure (I also tried --enable-pam )
3. make
4. make install
5. I created the /etc/init.d/cvslockd
6. Created the /etc/cvsnt/PServer enabling the Repository options,
LockServerLocal=0; Compat0_HideStatus=0,
WinbindWapper=/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp,
ServerName=<fqdn>
7. /etc/xinetd.d/cvspserver
service cvspserver
{
disable = no
socket_type = stream
wait = no
user = root
group = root
log_type = FILE /var/log/cvspserver
env = 'HOME=/home/cvsroot'
server = /usr/local/bin/cvsnt
server_args = authserver
}
8. /etc/cvsnt/Plugins
# This file contains information about the state of the various
protocols and external # plugins that are available.
#
# By default protocols are enabled, and other plugins are disabled.
#EnumProtocol=1 # Remote enumeration (info -r)
#GserverProtocol=1 # GSSAPI
PserverProtocol=1 # Original pserver
#SserverProtocol=1 # SSL encrypted pserver
SspiProtocol=1 # SSPI (via Winbind, if configured)
#AuditTrigger=0 # Audit events to database
#EmailTrigger=0 # Send emails
#CheckoutTrigger=0 # Enable CVSROOT/shadow
9. /etc/pam.d/cvsnt
#%PAM-1.0
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
10. service xinetd restart
11. service cvslockd start
winbind is already running and working for system and smb login (I
logged in and sudo'ed with my AD account). I also did the cvs init
thing.
Remotely I:
$ CVSROOT=:pserver:<username>@<fqdn>:/<repo>
$ cvs login
Logging in to :pserver:<username>@<fqdn>:2401/<repo>
CVS password:
cvs login: authorization failed: server <fqdn> rejected access to
/<repo> for user <username>
Thank You:
Bret Earl Unbehagen
Systems Developer
Liberty University(r)
Ps. Sorry if this is a repeate I did not see the bonce from when I sent
it yesterday.
More information about the cvsnt
mailing list