info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

problem with password authentication


From: Ronald Landheer
Subject: problem with password authentication
Date: Tue, 4 Dec 2001 17:27:44 +0100

Hello all,

I've set up a CVS server using pserver (and ssh) as authentication
methods, written a bunch of scripts to take care of the repository setup
etc. and am up to testing. By SSH, everything works impeckably, but as
the people here wet their pants when they see a command line, I have to
set pserver up too, because the GUI they want to use doesn't understand
SSH.. (they pay me for fixing non-existent problems, like I said
before).
pserver doesn't seem to want me to log in with the correct password.

I'm using RedHat 7.2 with xinetd cvspserver settings as follows:

-- BEGIN /etc/xinetd.d/cvspserver --
service cvspserver
{
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/bin/cvs
        server_args












= -f --allow-root=/home/cvs-repository/cvs-admin --allow-root=/home/cvs-repo
sitory/cvs-bo --allow-root=/home/cvs-repository/cvs-opentv pserver
}
-- END /etc/xinetd.d/cvspserver --
CVS server version is 1.10.8-8 (not the newest, I know, but it comes
with RedHat - I'll upgrate later, if it's useful)

When I run the following command,
"cvs -d:pserver:address@hidden:/home/cvs-repository/cvs-otv login"
cvs-test being a fully set-up account, directory permission on all
directories below and including /home/cvs-repository/cvs-otv/CVSROOT set to
777 and the same username/password combination working for a shell login on
the same system (home being /home/cvs-repository), I get the following
response:

(Logging in to address@hidden)
CVS password: <I type the password>
cvs login: authorization failed: server cvs.minisat.net rejected access to
/home
/cvs-repository/cvs-otv for user cvs-test

The password is OK - I am 100% sure of it.
Here's the entry from /home/cvs-repository/cvs-otv/CVSROOT/passwd for
cvs-test:
cvs-test:IAyKxbt6/kXf2:cvs-test

cvs-test is a user on the system, ofcourse.
The garbage between the colons is the output of a script call cvs-cryptout,
which looks like this:
-- BEGIN cvs-cryptout --
#!/usr/bin/perl

srand (time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);

print "${crypttext}\n";
--- END cvs-cryptout ---
Now, I'm wondering if this script is OK - mostly because I'm not the one
that wrote it, and I don't quite remember where I got it from, but it looks
OK to me - take the same salt, you should get the same encrypted thing with
the same password, right?

BTW: same thing happens when I remove cvs-test from the /.../CVSROOT/passwd
file (it should look for the UNIX user then, right?
Using same password there)..

Hope someone here can help..

Ronald




reply via email to

[Prev in Thread] Current Thread [Next in Thread]