CVS server for NT 1.11.1.3 -------------------------- 1. Installation of the CVS server If you are using the precompiled version installation is simple - just click on the cvsnt_1.11.1.3.exe installation program. You must have administrator priviliges to install the server. To setup the server use the cvsnt control panel to install the service, then add the locations of your repositories. 2. Use of the command line client If you are using an NT or Windows 2000 client, use is preferable to use the cvs.exe supplied, as this is full version which supports all features of the NT server. Windows 95/98 clients should use the cvs95.exe, which is a stripped down version. This will not attempt to use NT security procedures or usernames, and so may not be as useful when used with :local: mode (client/server mode is generally unaffected, as authentication is done on the server). 3. Authentication If SystemAuth=yes, users are validated against the current NT domain, or against the domain specified in CVSROOT (see below). If a CVSROOT/passwd exists, this is used. To add/remove passwords it is recommended that the 'cvs passwd' command is used. However it is possible to manually edit the passwd file. Example passwd: fred:V0ytEAiIbwHx2 # DES crypt()ed password joe:!SOUTHPARK # Joe uses the password on the 'SOUTHPARK' domain bill:I9CJ9Xvejag2k:fred # bill doesn't have an account, so he uses freds. To specify the pserver mode, specify CVSROOT (or the -d option) with: :pserver:[domain\]userid@server:repository where: domain is the user's home domain (e.g. notes or bloomington). Defaults to the server's domain. If a user is from a domain different than the server, this must be specified. A \ separates the domain from the userid. userid is the user's windows user id (e.g. waynej). server is the name of the CVS server machine (e.g. goldenrod). repository is the location of the repository on the CVS server machine (e.g. D:\cvsroot). Note: UNIX clients interpret a \ as a character escape. You will need to specify \ as \\ on UNIX. Example: set CVSROOT=:pserver:notes\waynej@goldenrod:d:\cvsroot set CVSROOT=:pserver:demo@goldenrod:d:\cvsroot export CVSROOT=:pserver:notes\\waynej@goldenrod:d:\\cvsroot You must specify a password with the cvs login command first. See the CVS manual for more details on pserver and cvs login. 4. sspi mode This is a method of authenticating using NT domain passwords over TCP/IP. If your clients are windows clients, and sending their passwords over the network by using :sspi: mode. This protocol also supports encryption of the data stream (using the -x flag to cvs). In this mode passwords in the CVSROOT/passwd are ignored. If SystemAuth=No the passwd file is used as a list of users who can use this repository. To specify the sspi mode, specify CVSROOT (or the -d option) with one of the following: :sspi:server:repository Local domain, use logged in user :sspi:user@server:repository Local domain, use alternate user :sspi:DOMAIN\user@server:repository Remote domain DOMAIN is the name of the remote domain user is the name of the user on the domain to use server is the name of the CVS server machine (e.g. goldenrod). repository is the location of the repository on the CVS server machine (e.g. D:\cvsroot). Example: set CVSROOT=:sspi:goldenrod:d:\cvsroot In instances where the remote domain is unable to authenticate you automatically (common when connected to the internet), you must supply the password using the 'cvs login' command. 5. Connecting from Unix or Mac clients To connect from clients which don't understand NT drive/directory syntax, an alternate syntax is available using double-slash (//) instead of the colon: set CVSROOT=:pserver:foo@goldenrod:/d//cvsroot 6. Kerberos On an Active directory domain GSSAPI is supported using the native Win32 kerberos system. This is installed by default. Unix kerberos clients should be able to connect to this version. On an NT4 domain GSSAPI is supported using MIT kerberos. DNS discovery of kerberos keyservers is not supported as the MIT source due to export restrictions. This version requires configuration of the krb5.ini. Consult your local kerberos export for help with this. A Win2000 machine cannot act as a server to an MIT KDC using the Active Directory version of the protocol. For this use the MIT version. The MIT install is put in the 'mit' subdirectory of the cvsnt installation directory. To activate it change the protocol_map.ini in the cvsnt installation directory, as per the comments in that file. 7. Unicode Unicode files are translated to UTF-8 while being checked in. To make sure they are checked out in their original form you need to mark them with the '-ku' flag during cvs add/import. CVS can translate UCS-2 files in both big-endian and little-endian format, as used by NT. It does not currently support UCS-4 but NT doesn't support this either so it shouldn't present a problem. 8. Impersonation Impersonation is the means by which the cvsnt server can run under the privilege of the client. How impersonation is achieved depends on the client: sspi: Impersonation is provided by the Windows SSPI subsystem ntserver: Impersonation is provided by the Windows API pserver: Impersonation is provided by cvsnt (method described below). 9. Impersonation in pserver mode If the service is running under a username that has 'Create a token object' privilege it will be able to impersonate the user it is connected to in pserver mode. Under an NT4 domain the default LocalSystem account has this privilege automatically. Under an Active directory this may need to be added to work correctly. 10. Registry keys Registry keys are normally handled by the control panel applet. In HKEY_LOCAL_MACHINE\Software\CVS\Pserver\ Key Type Description Repository0 String First repository Repository1 String Second repository ... Repository63 String 63rd repository Impersonation Dword Whether to impersonate the client. If you have permission problems connecting to the client over pserver, try setting this to 0. Defaults to 1. Setting this to 0 will cause all accesses to the repository to happen as the System user. BindAddress String Address of interface to bind to, on multi-homed hosts. Defaults to binding to all interfaces. StartNTServer Dword Whether to start the NTServer (Named pipe) interface (default yes) TempDir String Directory to use for temporary files. Must be large enough to hold a copy of the checked out repository & writeable by all cvs users. PServerPort Dword Port to listen on if not standard (2401). LockServerPort Dword Lock Server Port to listen on if not standard (2402). RepositoryPrefix String Prefix to add to repository name. DontUseDomain Dword If set to 1, only local users are checked rather than domain users. 11. support CVSNT Support is provided on cvsnt mailing list: cvsnt@cvsnt.org. For details see http://www.cvsnt.org/mailman/listinfo/cvsnt or news://news.cvsnt.org/cvsnt.support For WinCVS questions ask on the CvsGui (WinCvs/MacCvs/gCvs) mailing list. For details see http://www.cvsgui.org Project maintainer: Tony Hoyle Website: http://www.cvsnt.org 12. License This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.