[cvsnt] Re: SSPI across domain boundaries setup description?

Tony Hoyle tmh at nodomain.org
Wed Sep 8 12:27:04 BST 2004


Oliver Giesen wrote:

> When connecting across domain boundaries/over the internet:
> 
> 1. What should ideally be the setting of CVSROOT/config.SystemAuth or
> doesn't it matter?

Really just SystemAuth=yes unless you want to specifically limit the 
users who can log in.

> 1a. Does SystemAuth=yes imply: "Don't even look at passwd"?

Pretty much.

> 2. Does one have to include the username in the CVSROOT even if it is
> the same as on the server?

No, but across the internet people have had better results by specifying 
the user (I think it tends to use your local computer/domain login if 
you don't, which is unlikely to have enough trust).

> 3. Does one have to use the Login command even if username and password
> are the same as on the server (though the account is not the same!)?

Unless there are cached credentials already, yes.  If you would need to 
log in by username/password to view a network share, then you'll probably 
need to with cvs.

> 4. Does one have to set up the user in the passwd file?

No

> A more general question concerning 2+3: Does CVSNT use SIDs or always
> username/password? IOW: Does it really matter which domain a user
> account belongs to as long as there is an account with the same
> username/password combination in both domains?

That's internal to the implementation of SSPI and I can't really answer. 
I think SSPI tends to use the full domain\user syntax but there are 
cases where it'll authenticate anyway... just not sure what the 
conditions are.

Tony


