[cvsnt] Re: PAM Winbind linux cvsnt
Unbehagen, Bret Earl (SD)
beunbehagen at liberty.edu
Fri May 12 13:49:35 BST 2006
I would like to use the SSPI however I am not sure how and I could not find any documentation for it. But I am the Admin for the server, and I did add the /etc/pam.d/cvsnt.
Bret Earl Unbehagen
Systems Developer
Liberty University®
________________________________
From: cvsnt-bounces at cvsnt.org on behalf of Tony Hoyle
Sent: Fri 5/12/2006 8:09 AM
To: cvsnt at cvsnt.org
Subject: [cvsnt] Re: PAM Winbind linux cvsnt
Unbehagen, Bret Earl (SD) wrote:
6. Created the /etc/cvsnt/PServer enabling the Repository options,
> LockServerLocal=0; Compat0_HideStatus=0,
> WinbindWapper=/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp,
> ServerName=<fqdn>
It's better to just copy the example file. I asume you didn't literally
type the commas etc.
LockServerLocal=0 is almost never used except for certain advanced
configurations (failover servers generally).
> Remotely I:
> $ CVSROOT=:pserver:<username>@<fqdn>:/<repo>
> $ cvs login
> Logging in to :pserver:<username>@<fqdn>:2401/<repo>
> CVS password:
> cvs login: authorization failed: server <fqdn> rejected access to
> /<repo> for user <username>
Hmm? Why go through all that if you are not using SSPI?
The Winbind wrapper *only* enables a limited SSPI server functaionality
on the cvsnt server (and even then I'm not sure I'd recommend it unless
you had no choice.. use Unix native authentication where you can).
PAM configuration is entirely separate, and is up to your admins to get
right (they probably already have done) - aside from copying a working
PAM configuration file to /etc/pam.d/cvsnt there really isn't anything
cvsnt specific to it at all.
Tony
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list