[cvsnt] Re: :sspi: without username specification

Bo Berglund bo.berglund at telia.com
Fri Oct 29 20:56:47 BST 2004


On Fri, 29 Oct 2004 14:08:56 -0400, "Prochazka, Jan"
<Jan.Prochazka at brooks.com> wrote:

>>But if I set  CVSROOT=:sspi:Server:/cvs/archive
>>(note no user), I can login using any password,
>>and I can then 'cvs ls'
>
>I realized the same behavior in our environment (win2kserver with 2.0.58a
>server, sspi protocol, 2.0.58a client at win2kprof) It allowed me to do
>everything without 'cvs login' even after I changed my win domain password.
>However if I tried the same from client not logged to domain, cvs asked for
>password.
>
>Looks like :sspi: protocol bug, but i did not investigate any deeper.
>
>Jan
>
SSPI works like this:
1) You log in to Windows when you start your workstation.
2) At this time you are authenticated against the domain or local
Windows
3) Next you use SSPI without any name specification or login to
connect to CVSNT.
4) Now the username you are logged in as in Windows will be used also
for this connection

If you specify :sspi:user at server:/repo then you need to do a cvs login
because then you are overriding your Windows login with another
username and so you must do a login.

Simple really...


/Bo
(Bo Berglund, developer in Sweden)



More information about the cvsnt mailing list