[cvsnt] gserver problems : status confirmation

Tony Hoyle tmh at nodomain.org
Thu Feb 5 11:33:54 GMT 2004


On Wed, 4 Feb 2004 23:09:21 -0000, "Nick Partner"
<nick at theendofmytether.com> wrote:


>I have a clean install, of cvsnt 2.0.24 with gserver and sspi with
>protocol.ini looking right, sspi works gserver gives one of the above
>errors depending on whether gserver or mit gserver is used).  NOTE:  Get
>these errors with both unix and cvsnt cvs binary
>
gserver is a complete bitch to setup right, especially when talking to
the active directory.  Basically you'll been an in-house kerberos
expert to diagnose it - I've had it working, but mostly by accident.
If anything is missing (any of the principals, the host keys, etc.)
then it'll fail in odd ways.

The code that is there does work, but I can't help with configuration
as I don't know myself how to do it.  There is no point in trying to
use it with a Windows client as the SSPI protocol will negotiate a
kerberos session automatically anyway.

As much as I know it:

1. It must be a kerberos 5 capable client.
2. You have be able to do a successful kinit first
3. Active directory needs a service principal for the CVS service
(CVSNT attempts to do this automatically).
4. Active directory also needs correct host keys for the clients, and
these need to be in the host keytab file on the client.

That's not all, because after doing that it still doesn't always
work...

Tony




More information about the cvsnt mailing list