[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GSSAPI + pserver + systemauth=no
|
From: |
jmarquart |
|
Subject: |
GSSAPI + pserver + systemauth=no |
|
Date: |
Fri, 13 Sep 2002 10:28:44 -0400 |
I am running the following configuration:
cvs runs pserver - via xinetd
repository has config file modifiedsuch that systemauth=no
repository has passwd filew/ entries such as:
user1::cvs
user2::cvs
...
I then run a client:
with GSSAPI/krb5 authentication - users WITH machine accounts on cvsbox are
allowed to authenticate and use cvs normally (however - userid does not get
remapped to cvs)
with GSSAPI/krb5 authentication - users WITHOUT machine accounts fail (it
looks like they fail at the test around line 6032 in server.c of 1.11.1p1 - as
this is the only place I have found a "access denied" statement in the source)
with plaintext pserver authentication - users WITHOUT machine accounts -
can log in and are mapped to the cvs account
What I want (i.e. is this possible?) is:
users WITH or WITHOUT machine accounts to be able to via krb5 creds connect
to cvs.
then that user authentication gets translated by passwd file - such
that user1 become cvs in the server's eyes.
I would have assumed that this is possible, but have been unable to get it to
work.
If this is not possible with the stock tree- does anyone have patches that
might enable this behavior?
tia,
-john
- GSSAPI + pserver + systemauth=no,
jmarquart <=