|
| From: | Keeron Modi |
| Subject: | Problems in configuring PAM with CVS |
| Date: | Wed, 24 Sep 2003 10:28:33 -0700 |
Hello all,
We are planning to use CVS on a redhat linux box and running into some problems
when authenticating users who are on windows boxes. Below are some details about
our current config. and the problems we are facing. Would appriciate any help regarding this :)
Current server configuration:
RedHat 9.0
CVS Server (1.11.6)
Windows Clients: Using Windows XP with CVS NT (TortoiseCVS / WinCVS clients)
Issue:
We are trying to configure out CVS server so that users can use their Windows domain
Login/password to log into the Linux based CVS server. For this we need to configure PAM
on the RedHat linux box and also configure CVS to use PAM.
Current Situation:
We have enabled PAM / Winbind on the Redhat Linux box. To test this we Telnet in using
our Windows NT domain login/password to the Linux server and it works. There is
no local account on the linux box for this user. Therefore it seems that PAM
is working.
To have CVS authenticate using PAM, we applied the patch from
(http://ccvs.cvshome.org/issues/show_bug.cgi?id=44). We applied only the first patch from
this website with our version of CVS 1.11.2 .. NOTE: THE patch (1) didnt
work with version 1.11.6 .. as it couldnt find acconfig.h . The other subsequent patches
From the above site also dosent work with cvs-1.11.2 ... (file acconfig.h not found)
THE FOLLOWING is a effect - irrespective whether I apply the patch (cvs
version is 1.11.2 or 1.11.6) or without the patch.
------------
Trying with a username that in the NT domain/pam
cvs -d :pserver:keeronmo@my.domain.com:/usr/local/cvs/cm login
Logging in to :pserver:keeronmo@my.domain.com:/usr/local/cvs/cm
CVS password: *******
cvs login: authorization failed: server my.domain.com rejected
access to /usr/local/cvs/cm for user keeronmo
-------------
Trying with an UNKNOWN user
(the user isnt in the windows NT domain, nor in the linux box, nor in the
CVSROOT/passwd file)
cvs -d :pserver:xyz123@my.domain.com:/usr/local/cvs/cm login
Logging in to :pserver:xyz123@my.domain.com:/usr/local/cvs/cm
CVS password: *******
Fatal error, aborting.
xyz123: no such user
-----------------
There is a second patch too that we tried (Brian Murphey's patch) from
http://www.murphy.dk/patches/cvs-pam-1.11.6.patch ... We used version 1.11.6
of CVS. We get the same errors as above. A user who is in the windows NT
domain - when he tries to login to CVS he gets "Authorization rejected".
When a user *NOT* in the NT domain, and not in the Local unix box logins
through CVS he gets the error "no such user".
We have created a file called "cvs" (same name as the CVS binary) in /etc/pam.d/ folder ...
with the following settings
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
We have all the above files in correct location ...
So my guess is :
Pam is configured correctly on the linux box
CVS is patched correctly
Missing/incorrect path could be the /etc/pam.d/cvs file or some other configuration that has to be done
So that CVS uses PAM for authentication.
Any idea on what part we are missing or configured correctly. Is there a test that we can do to see if
CVS actually goes to PAM for authentication after we apply the patches ?
Any quick / detailed response will be appreciated.
-----------------------------------------------------------------------------
"Strive for perfection in everything you do, take the best that
exists and make it better, and if it does not exist then design it."
Keeron Modi
KeeronMo@Attachmate.com
Intern - Configurations Management Group.
Attachmate Corporation
425-649-6674
| [Prev in Thread] | Current Thread | [Next in Thread] |