[cvsnt] Rehashing the "repository administrators" problem

[Glen Starrett]

Using trusted authentication with a domain account you need to be a domain
administrator in builds < 73.  Build 73+ checks if you have a shadow account
on the local machine (an account with the same name, password is irrelevant)
that is an administrator.  Personally, I don't think it makes much sense,
but that's how it is set up.

I am using the admin file for setting up repository admins.  On the server,
in the CVSROOT of each repository you want to add an admin to, create the
file "admin" and put just the base username (not domain\username) and save
it.  Do NOT put the "admin" file in through CVS under source control--it
won't work (there would be a sizable security hole).

I've brought this up with Tony and his impression is that it is correct
behavior for an integrated login permissions check, but I respectfully
disagree (note that there are other issues at hand which complicate the
situation--namely impersonation vs. no impersonation).  Regardless, now that
you know how it works, you can set up your administrators and secure it
properly.

Hope this helps.

Glen Starrett

-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org]On Behalf
Of Terris Linenbach
Sent: Monday, March 10, 2003 11:45 AM
To: cvsnt at cvsnt.org
Subject: [cvsnt] Rehashing the "repository administrators" problem


I'm trying to run "cvs admin -b" and I'm getting the error "usage is
restricted to repository administrators."

My domain account belongs to the local Administrators group.  I am logged
onto the domain.  I have also tried creating local groups CVSAdmin and
CVSAdmins with no luck.

Any ideas?

Thanks!


_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt