[cvsnt] Re: Problem with sspi in 2.5.2.2064
Bo Berglund
bo.berglund at telia.com
Fri Sep 16 10:53:36 BST 2005
On Mon, 12 Sep 2005 23:57:22 -0300, Gerhard Fiedler
<lists at connectionbrazil.com> wrote:
>Hello,
>
>I just updated my TortoiseCVS installation. It comes with the 2064 build of
>cvs.exe. When I try to connect to my repository, I get this authentication
>error (I'm using sspi to a Win2k server):
>
>p:\test\environment>d:\Programs\CVS\TortoiseCVS\cvs.exe ver
>[80090311] No authority could be contacted for authentication.
>
>p:\test\environment>d:\Programs\CVS\TortoiseCVS\cvs.exe up
>[80090311] No authority could be contacted for authentication.
>
>
>Running the same commands with 2.5.01.1976 it works fine:
>
>p:\test\environment>D:\Programs\CVS\CVSNT\cvs.exe ver
>Client: Concurrent Versions System (CVSNT) 2.5.01 (Travis) Build 1976
>(client/server)
>Server: Concurrent Versions System (CVSNT) 2.0.34 (client/server)
>
>p:\test\environment>D:\Programs\CVS\CVSNT\cvs.exe up
>cvs server: Updating .
>
>
>Is this a known problem?
YES! It is a problem that I have asked about a couple of weeks ago.
Was discussed on this very list...
It works like this:
If you use a new CVSNT client and try to connect to a CVSNT server
that is running an earlier CVSNT version (like 2.0.41 or similar) and
you use the SSPI protocol, then you may get this error message.
This is because from a build number between 2040 and 2048 something
was changed so that the CVSNT client by default uses Kerberos for
authentication and the older CVSNT server does not understand this
correctly. Therefore the failure.
You can "fix" this on the client side by forcing the CVSNT client to
use NTLM authentication instead of Kerberos. This is done by changing
the CVSROOT string in the sandboxes as follows:
Old string:
:sspi:server:/repo or :sspi:user at server:/repo
New string:
:sspi;force=NTLM:server:/repo or :sspi;force=NTLM:user at server:/repo
/Bo
(Bo Berglund, developer in Sweden)
More information about the cvsnt
mailing list