[cvsnt] SSPI authentication from Windows7 client
glen.starrett at march-hare.com
Mon Oct 12 19:41:12 BST 2009
> Yes, this is what we have to do for all machines not attached to the
> domain on XP through 7. For earlier versions of CVS we had to put the
> username with the \ in a separate env variable to get it to work. Not
> sure if that's fixed (or fixable).
> set MYCVSUSERNAME=system3r\bob
> cvs -d:sspi:%MYCVSUSERNAME%@server1:/repo1 login
No, you don't need to do the env variable any more. I did verify Bo's
XP observations with a clean non-domain attached VM I have for testing,
but I haven't checked Win7 myself yet.
On my non-attached (randomly named) XP machine to a server on a (Samba)
domain, logged in with same username/password as contained in the
domain, the following methods work:
cvs -d:sspi:domain\username at host:/test login
cvs -d:sspi:domain\username at host:/test ls
cvs -d:sspi:host:/test ls
Using the explicit domain\username requires the login step, and with the
built in credentials XP is able to work it out.
I'm guessing that Win7 isn't "working it out" because of some
differences in the networking/domain settings on Win7 client (Kerberos
only? Some "trusted" settings? Anti-spoofing prevention?). There's
probably a way to fiddle with the settings to get it working, but that's
not the important bit -- it's different, and it's the OS that's causing
the difference AFAICT.
Normally it's best to just connect to the domain, then everything works
as expected. Just that easy, right?
Technical Account Manager, North America
March Hare Software, LLC
More information about the cvsnt