[cvsnt] SSPI authentication from Windows7 client

Glen Starrett glen.starrett at march-hare.com
Mon Oct 12 19:41:12 BST 2009


Chuck.Kirschman wrote:
> Yes, this is what we have to do for all machines not attached to the 
> domain on XP through 7.  For earlier versions of CVS we had to put the 
> username with the \ in a separate env variable to get it to work.  Not 
> sure if that's fixed (or fixable).
> 
> set MYCVSUSERNAME=system3r\bob
> cvs -d:sspi:%MYCVSUSERNAME%@server1:/repo1 login
...

Hi Chuck,

No, you don't need to do the env variable any more.  I did verify Bo's 
XP observations with a clean non-domain attached VM I have for testing, 
but I haven't checked Win7 myself yet.

On my non-attached (randomly named) XP machine to a server on a (Samba) 
domain, logged in with same username/password as contained in the 
domain, the following methods work:

cvs -d:sspi:domain\username at host:/test login
cvs -d:sspi:domain\username at host:/test ls

OR

cvs -d:sspi:host:/test ls

Using the explicit domain\username requires the login step, and with the 
built in credentials XP is able to work it out.

I'm guessing that Win7 isn't "working it out" because of some 
differences in the networking/domain settings on Win7 client (Kerberos 
only? Some "trusted" settings?  Anti-spoofing prevention?).  There's 
probably a way to fiddle with the settings to get it working, but that's 
not the important bit -- it's different, and it's the OS that's causing 
the difference AFAICT.

Normally it's best to just connect to the domain, then everything works 
as expected.  Just that easy, right?

Regards,

-- 
Glen Starrett
Technical Account Manager, North America
March Hare Software, LLC
http://march-hare.com/cvspro/
800-653-1501 x803


More information about the cvsnt mailing list