[cvsnt] Accessing the CVSNT server from another domain

doug.snaith at cis.co.uk doug.snaith at cis.co.uk
Thu Mar 4 14:52:19 GMT 2004


I'm trying to do something in CVSNT, and I can't get it to work. Not only
that, during my attempts to get this something working, I notice some odd
behaviour as well.

I will preface what follows with mentioning that I am not exactly a guru
when it comes to NT domains, users and groups, and it might be that lack of
knowledge that's letting me down. Anyway, here goes.............

My environment is CVSNT Server 2.0.26  installed on Windows NT SP6 on
'Domain1'. I have developers running CVSNT client on 'Domain2' (actually,
they're running CVS within Websphere as well, but thats by the by, as I'm
doing most of my testing on the command line). I'm using pserver protocol -
don't have a choice here, coz Websphere doesn't appear to allow sspi. The
CVSNT server is called Server1. As far as I know, Domain1 and Domain2 get
along perfectly fine together on the same company network.

I want to set things up so that User1 logs onto the CVSNT server with his
Domain2 password (so there is just one p/w for both his network logon, and
CVS logon). But then I want the permissions set up on Domain1 (ie. where
the server is) to kick in (I don't have admin rights to Domain2, but I do
have them to Domain1). So I have a global group on Domain1, CVSUsers, which
contains User1.

On Server1, I have SystemAuth set to 'no', and I have an entry in
repos\cvsroot\passwd = 'Domain2\User1:!Domain2'.
My CVSROOT environment variable on the client
= 'pserver:Domain2\User1 at Server1:/repos'

The login itself works fine, but the weird thing is it accepts both
passwords for User1, ie. the one defined on Domain1 and the one defined on
Domain2, which are different values. I find this a little unexpected,
because I am connecting to the server as 'Domain2\User1', and not 'User1'.
And the really weird thing is if I completely remove the definition for
User1 on Domain1, I CAN STILL login with both passwords! And the final
piece of unexpected behaviour, it doesn't seem to matter what !domain  (eg.
!Nonsense) I have defined in the passwd file, as long as the userid
matches, the login is accepted. Again, with either password!

Anwyay, that's not the real problem. Even though I have User1 defined to
Domain1 as a member of CVSUsers, which is a global group, and CVSUsers has
been set up in the NTFS file permissions for /repos, and its cascaded down
into /cvsroot, I get a 'permission denied' message when I try to access the
repository after login. One way round that is to add the 'Everyone' NT
account to the NTFS pernissions on the repository, but I don't really want
to do that because I might need a higher level of granularity regarding
access to the repos.

So what is going on? What am I doing wrong?


_____________________________________
Doug Snaith
ICT D & D, 8th floor Miller Street,
ext 3536
doug.snaith at cis.co.uk




*************************************************************************

This e-mail may contain confidential information or be privileged. It is intended to be read and used only by the named recipient(s). If you are not the intended recipient(s) please notify us immediately so that we can make arrangements for its return: you should not disclose the contents of this e-mail to any other person, or take any copies. Unless stated otherwise by an authorised individual, nothing contained in this e-mail is intended to create binding legal obligations between us and opinions expressed are those of the individual author.

The CIS marketing group, which is regulated for Investment Business by the Financial Services Authority, includes:
Co-operative Insurance Society Limited Registered in England number 3615R - for life assurance and pensions
CIS Unit Managers Limited Registered in England and Wales number 2369965  - for unit trusts and PEPs
CIS Policyholder Services Limited Registered in England and Wales number 3390839 - for ISAs and investment products bearing the CIS name
Registered offices: Miller Street, Manchester M60 0AL   Telephone  0161-832-8686   Internet  http://www.cis.co.uk   E-mail cis at cis.co.uk

CIS Deposit and Instant Access Savings Accounts are held with The Co-operative Bank p.l.c., registered in England and Wales number 990937, P.O. Box 101, 1 Balloon Street, Manchester M60 4EP, and administered by CIS Policyholder Services Limited as agent of the Bank.

CIS is a member of the General Insurance Standards Council

CIS & the CIS logo (R) Co-operative Insurance Society Limited

********************************************************************************




More information about the cvsnt mailing list