[cvsnt] pserver authorization problems

David Jackman David.Jackman at fastsearch.com
Sat Jan 7 15:26:29 GMT 2006


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


I started playing around with the CVSNT server settings and found that
if I change the "Run as user" setting from "(client user)" to a named
user account on that server machine (doesn't seem to matter which user I
use), then pserver works for all users.  Is this the account CVSNT uses
if it can't find the user account that the particular cvs user is
supposed to be using (instead of just reporting an error and aborting)?
If so, then the question still remains why can't CVSNT find the user?
The accounts exist (I tried local accounts and domain accounts)--is it
that CVSNT can't find them or it isn't able to run as that user?  Is
there any error log information that gives more details about what's
going on?  I assume that if I continue to run CVSNT as a specific user
instead of (client user) then I won't be able to control access
permissions using the normal NTFS security, which I need to be able to
do.

..David..


-----Original Message-----
From: David Jackman 
Sent: Saturday, January 07, 2006 7:46 AM
To: 'bo.berglund at telia.com'; cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
Subject: RE: [cvsnt] pserver authorization problems

It's not the slashes.  I've tried it with and without slashes that are
and aren't escaped and nothing works.  Where do I go from here?  It
seems pserver protocol won't work at all for any users (domain or
otherwise).

..David..
 

-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf
Of Bo Berglund
Sent: Friday, January 06, 2006 4:47 PM
To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
Subject: Re: [cvsnt] pserver authorization problems

On Fri, 6 Jan 2006 16:09:44 -0700, "David Jackman"
<David.Jackman at fastsearch.com> wrote:

>As I've continued to search, I've found others asking essentially the 
>same question and also getting no solutions.  In my case, after playing

>with it a bit, it seems the pserver protocol doesn't want to work at 
>all.
>
>I'm following the advice given on
>http://web.telia.com/~u86216177/InstallCVSNT25.html and using the sspi 
>protocol to add users.  I've added regular users and alias users in 
>addition to domain users (which is what I want to use).  All the users

Since I am not on a domain at home (where I do the testing) I cannot
handle the domain issues at all. So any problems stemming from domain
usage is beyond my capabilities, I'm afraid...

>appear to add correctly (I can see them in the passwd file).  But when 
>I

How did they look in the passwd file? With doubled up backslashes or
what?

>attempt to login to my repository using pserver, I get "Fatal error, 
>aborting. cvs [login aborted]: <username>: no such user".  If I enter 
>an incorrect password, I instead get an authorization failed message.
>So I think I'm authenticating successfully (which must mean it found my

>user listing), then it's dying somewhere else.

I believe that CVSNT will first check the credentials you supply with
your call (the user from your CVSROOT and the password you give).
Then after this is OK it goes on to the "upper level" authentication and
checks the user there. Then it is discovered that there is no such user
at all and authentication fails.
If you enter a non-existing username then the failure will be earlier I
believe and the error messages are different.

However, I just did some tests on my test W2003 server running CVSNT
2.5.03.2182 trying to log in with accounts that are set up in the passwd
file but do not exist in the server itself.
The strange thing is that I get the following messages:

Logging in with an existing cvs user which does not exist in Windows:
- Login seems to succeed, no error message at all
- but when I try cvs ls as an operation using the account "kalle" who is
a cvs user with no real account:

c:\>set CVSROOT=:pserver:kalle at w2003srv:/PC
c:\>cvs login
Logging in to :pserver:kalle at w2003srv:2401:/PC CVS Password:

So this succeeds apparently...

c:\>cvs ls
audit_trigger error (session): attempt to write a readonly database
Audit trigger initialiasation failed:
cvs server: Pre-command check failed

Different result from yours...

Then with a totally non-existing account:
c:\>set CVSROOT=:pserver:charlie at w2003srv:/PC
c:\>cvs login
Logging in to :pserver:charlie at w2003srv:2401:/PC
CVS Password:
cvs [login aborted]: authorization failed: server w2003srv rejected
access to /PC for user charlie

Which must happen early on.



/Bo
(Bo Berglund, developer in Sweden)
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook