[cvsnt] Problem in debian
Jack, Cao Cu
user at domain.invalid
Tue Feb 24 16:38:15 GMT 2009
Hi Claudio,
Please check file "cvsnt" in /etc/xinet.d/cvsnt and "xinetd.conf" or
"inetd.conf" on the server.
Example :
CVSNT file:
-----------
service cvspserver
{
socket_type = stream
wait = no
server = /usr/bin/cvsnt
server_args = --allow-root=/demo -f pserver
env = 'HOME=/demo'
log_type = FILE /var/log/cvspserver
groups = yes
log_on_failure += USERID
flags = REUSE IPv6
mdns = no
disable = no
user = root
}
NOTE : Note especially the "server" and "server_args". Wrong information
here will result in "connection actively refused" when trying to
authenticate. If you're using normal inetd, not xinetd, read the section
following this.
xinetd.conf or inetd.conf file :
-------------
cvspserver stream tcp nowait root /usr/bin/cvs
cvs --allow-root=/demo authserver
Check login : telnet 192.168.24.105 2401
With pserver and sserver, the passwords are stored on the client side in
a trivial encoding of the cleartext and in the pserver case transmitted
in the same encoding. The encoding is done only to prevent inadvertent
password compromises (i.e., a system administrator accidentally looking
at the file), and will not prevent even a naive attacker from gaining the
password. With Sserver, the client/server connection is encrypted using
SSL, and the risk of the password being sniffed on the wire is very
low.Do you have created a certificate for cvsnt?
Claudio Guzman wrote:
> other question, for cvs access to the user also has to take into
> account the debian. and as if the protocol is running sserver?
> Example:
> Client:
> $ cvs -d :sserver:demo:demo at 192.168.24.105:/demo login
> Logging in to :sserver:demo at 192.168.24.105:2401:/demo
> connect to 192.168.24.105:2401 failed:
>
> Server log auth.log
> Feb 23 16:06:04 desarrollo sshd[2898]: Failed password for invalid
> user demo from 192.168.24.107 port 58961 ssh2
>
>
>
> 2009/2/21 <user at domain.invalid>:
>> Hi Claudio,
>>
>> On Server:
>> PServer and Plugin
>>
>> Vi /etc/cvsnt/Plugins
>> #EnumProtocol=1 # Remote enumeration (info -r)
>> #GserverProtocol=1 # GSSAPI
>> PserverProtocol=1 # Original pserver
>> SserverProtocol=1 # SSL encrypted pserver
>> #SspiProtocol=1 # SSPI (via Winbind, if configured)
>> #SyncProtocol=1 # Server sync
>> #AuditTrigger=0 # Audit events to database
>> #EmailTrigger=0 # Send emails
>> #CheckoutTrigger=0 # Enable CVSROOT/shadow
>>
>> - Vi /etc/cvsnt/PServer and change:
>> #
>> AuditLogSessions=1 # All server connections/commands
>> #AuditLogCommits=0 # Log changes due to commits
>> #AuditLogDiffs=0 # Store diffs in commit log
>> #AuditLogTags=0 # Log tagging operations
>> AuditLogHistory=1 # Log cvs history
>> #
>> You will create a key PEM
>> CertificateFile=/etc/cvsnt/cert.pem
>> PrivateKeyFile=/etc/cvsnt/key.pem
>> And change :
>> #CertificatesOnly=0
>> Repository0=/home/database
>> Repository0Name=/database >> Repository0Name=/database
>> On Client :
>> You install cvsnt and cvsnt-protocol-sserver on CVS Client.
>>
>> Claudio Guzman wrote:
>>> please PServer settings and Plugin, I can not make the client connects
>>> to the server remotely by :sserver:
>>>
>>> Thanks.
>> _______________________________________________
>> cvsnt mailing list
>> cvsnt at cvsnt.org
>> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>>
>> Upgrade to CVS Suite for more features and support:
>> http://march-hare.com/cvsnt/
>>
More information about the cvsnt
mailing list