Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On 8/19/06, Gabriel Genellina <gagsl-cvsnt at yahoo.com.ar> wrote: > SSPI = Security Service Provider Interface = Microsoft's version of > the Generic Security Service API (GSSAPI), RFC 1508/1509. > It allows to authenticate a user, and acquire credentials for it. > Using SSPI, CVSNT delegates authentication to the operating system; > there is no need to manage users or passwords inside the program. > It's the recomended protocol on Windows and "just works" - no tweaks > and no special configuration must be done, what additional > documentation do you need? First, the format of CVSROOT is not formally described (at least no dedicated section for it that can be easily found). Second, it works when I set CVSROOT to :sspi:localhost:/cvshome/scripts but not when it is set to :sspi:cvshome:/cvshome/scripts (I have `127.0.0.1 cvshome' in HOSTS.) Maybe it is all good behaviour. But it is confusing for a person that just wants to use CVS. Are users expected to look up in other references in order to use CVSNT securely? > On the other way, pserver is really insecure as the user password > goes transmitted in (almost) plain text. The above shows that the server name could be a problem for remote access with SSPI. For local access, pserver is secure too. > > > > To make a user an admin of CVS you have to add him to the > > > CVSROOT/admin file (just list his login username on a line in this > > > file). > > > The file does not exist by default so you have to create it. And it > > > should NOT be added to the CVSROOT/checkoutlist file either! > > > >I appreciate your help very much. However, it is a bug, either in > >documentation or in the software. In the CVSNT Manual accompanied with > >my CVSNT installation 2.5.03.2382, admin is not listed as an > >administrative file, and it is written: > > > >`On unix, if there is a group named cvsadmin, only members of that > >group can run cvs admin. This group should exist on the server, or any > >system running the non-client/server cvsnt. To disallow cvs admin for > >all users, create a group with no users in it. On NT, server > >administrators are able to use the admin command.' > > In the same manual, read Chapter 3: Security > <http://www.cvsnt.org/manual/html/Security.html>, specially section > Repository administrators > <http://www.cvsnt.org/manual/html/Administrators.html> Thanks, you are right. Unfortunately this piece of information cannot be easily found, and there are conflicting (incomplete) descriptions in the section that describes the cvs admin commands. You are right that passwd is not listed either as an administrative file. However, there is an entry `passwd (admin file)' in the index of the Manual CHM file, but no entry like `admin (admin file)'. Best regards, Yongwei -- Wu Yongwei URL: http://wyw.dcweb.cn/