[cvsnt] CVSNT SSPI error: [80090308] The token supplied to the function is invalid

Bo Berglund bo.berglund at telia.com
Thu Nov 2 06:13:47 GMT 2006

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

On Wed, 01 Nov 2006 14:43:44 -0500, Insert Real Name
<insertrealnameREMOVE_THIS at yahoo.ca> wrote:

>I just installed the lastest stable release of CVSNT client/server on 
>Windows 2K Prof. SP4 w/all current Microsoft update patches. On this 
>machine the "Lan Manager Authentication Level" is set to "Send NTLMv2 
>response only, refuse LM and NTLM", just to make it a little more secure 
>when accessing shares from another computer.
>I initiated a respository located in my home directory and accessible 
>via the repository alias "/me", e.g. in C:\Users\Me\MyCVS (no spaces in 
>path, full access for me, Administrators and SYSTEM) via the CVSNT 
>manager applet, ensured that the SSPI protocol was enabled, and then 
>tried to check out just the root of the repsitory via the command-line 
>client, e.g.:
>md cvsadmin
>cd cvsadmin
>cvs -d :sspi:me at computername:/me co -l .
>This should create the CVS hidden directory in the current directory and 
>not check out anything recursively. However I received the error message 
>quoted in the subject line of this post.
>I then enabled tracing on the server, tried it again using global option 
>-ttt, and verified that the SSPI protocol was being loaded.
>The only way around the error message was to first use
>cvs -d :sspi:me at computername:/me login
>and then subsequent commands worked as expected.
>But I thought the whole point of SSPI was to authenticate using your 
>current Windows session login credentials, no separate login requirement 
>at all, and no "trivially encoded" password stored in the registry for 
>CVSNT server CVSROOT?!? Or have I misunderstood the manual on this matter?

Apparently you did not read enough!

SSPI comes in two different syntactic flavours:

This version uses the current login credentials of the user sending
the command. It reuses the Windows authentication and is what you
probably is after.

  :sspi:user at server:/repo
This is a variation that makes it possible to use sspi even if the
workstation and the server are not agreeing on the user accounts. For
example if your local login does not exist in the server, then you can
use this form. As with all user@ protocols you MUST do a cvs login
(once only) when you use this syntax.


(Bo Berglund, developer in Sweden)

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook