[cvsnt] Does gserver support impersonation (Windows Active Directory)?
Dirk Weinhardt
d.weinhardt at luratech.com
Fri Nov 28 18:04:22 GMT 2008
Hi!
I'm using CVSNT 2.5.04 with Windows XP (server and client). I have
managed to set up a CVSNT server that authenticates users against a
Windows Server 2003 AD domain (I'm using the gserver protocol).
cvsservice.exe is run as mydomain\cvs, SPN cvs/myclient.mydomain is
mapped to mydomain\cvs. "Run as user" is set to "(client user)".
I'd expect cvsservice.exe to spawn an instance of cvs.exe as the user
that connects to the server (e.g. mydomain\dirk). But instead cvs.exe is
started as mydomain\cvs.
Unfortunately that prevents me from using NTFS permissions to control
who may access the repository.
I'd like to use NTFS permissions instead of CVSNT ACLs or SystemAuth=no
and a passwd file because this would enable me to control repository
access through Active Directory.
In gserver.cpp impersonation support depends on whether GSS_AD is
defined or not. Is the Windows binary distribution of CVSNT compiled
with GSS_AD defined? If so, what else can cause cvs.exe not being run
with client user's privileges?
Any help is appreciated.
Best regards,
Dirk
--
Dirk Weinhardt
LuraTech Europe GmbH
Kantstraße 21
10623 Berlin
Germany
Tel: +49 30 394050 28
Fax: +49 30 394050 99
http://www.luratech.com/
Amtsgericht Berlin-Charlottenburg HRB 100113
Geschäftsführer: Dipl.-Ing. Carsten Heiermann
More information about the cvsnt
mailing list