Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Thanks for the reply. >> If you set it to allow this (SystemAuth=Yes) than that is what happens... :) Hmm, that line in the CVSROOT/config file is commented out in all repositories # SystemAuth=Yes (cvsnt 2.x -created repo) # SystemAuth=No (cvsnt 1.1x -created repo) >> If SystemAuth=Yes the passwd file is not used except to provide pserver >> passwords. If a user/password isn't in the passwd file their domain >> password is used. Ok. Its starting to make sense. (except for the fact that SystemAuth=* is commented out) >> However it's *strongly* recommended >> that you don't use domain passwords with pserver as it's trivial to >> sniff them over the wire. (NTLM isnt that hard to sniff either ;-) - but point taken) >> CVSNT for Linux supports SSPI via winbind (but not SSPI encryption) and >> authentication via PAM provided the linux machine is a member of the >> domain and configured correctly... if you've not done it before and are >> unfamiliar with Linux get an expert in (or CVSNT support contract!). I think we are going to go the simple approach and use the passwd file.. Create cvs admin accounts per repo so they can edit it... -Nick Internet tmh at nodomain.org@cvsnt.org - 24/11/2004 01:17 Sent by: cvsnt-bounces at cvsnt.org To: cvsnt cc: Subject: [cvsnt] Re: Windows vs Linux: Authentication nick.minutello at uk.bnpparibas.com wrote: > Now, more recently, I have discovered that (using tortoisecvs), I can > authenticate (still using pserver) using my nt password (for domain NT > account) If you set it to allow this (SystemAuth=Yes) than that is what happens... :) > 1) does the nt authentication only work if using cvsnt client (ie > tortoise)? (I am pretty sure our intellij users are also using their domain > passwords..) Not for pserver..anyone can use it. However it's *strongly* recommended that you don't use domain passwords with pserver as it's trivial to sniff them over the wire. Use sserver, sspi or gserver if you're using domain authenication - sspi is recommended for simplicity, gserver (provided everyone is in the active directory) for security. > 2) is the passwd file required at all if using nt authentication with > pserver? If SystemAuth=Yes the passwd file is not used except to provide pserver passwords. If a user/password isn't in the passwd file their domain password is used. > Now, we are planning to move our server to a new linux (redhad AS) server. > Is the passwd file the recommended approach on linux (we prefer admin > simplicity over tight security)? > Will NT auth work on linux? CVSNT for Linux supports SSPI via winbind (but not SSPI encryption) and authentication via PAM provided the linux machine is a member of the domain and configured correctly... if you've not done it before and are unfamiliar with Linux get an expert in (or CVSNT support contract!). sserver and gserver are supported in the same way (gserver can be configured to use the Active Directory to autenticate, but that's a bit difficult to set up). Tony _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs This message and any attachments (the "message") is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval. The internet can not guarantee the integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will) not therefore be liable for the message if modified. ********************************************************************************************** BNP Paribas Private Bank London Branch is authorised by CECEI & AMF and is regulated by the Financial Services Authority for the conduct of its investment business in the United Kingdom. BNP Paribas Securities Services London Branch is authorised by CECEI & AMF and is regulated by the Financial Services Authority for the conduct of its investment business in the United Kingdom. BNP Paribas Fund Services UK Limited is authorised and regulated by the Financial Services Authority.