info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem using GSSAPI auth and CVS passwd file user mapping


From: Derek Robert Price
Subject: Re: Problem using GSSAPI auth and CVS passwd file user mapping
Date: Wed, 17 Nov 2004 16:57:21 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040616

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Allen Sturtevant wrote:

>Neither of these worked.  Does GSSAPI authentication simply
>ignore the CVS passwd file?  


Yes.

>If so, is there some other method
>I can use to obtain the desired user mapping?


Yeah, there is some funny Kerberos-specific code in server.c that
notes that it is doing something like this, but my knowledge of GSSAPI
and Kerberos, especially KDCs & tokens, is pretty limited.  You might
try to deciper the code in server.c to figure out where it is getting
the username from (krb5_aname_to_localname()?).

There's also a dearth of good Kerberos setup information in the public
domain as far as I can tell.  If anyone knowledgeable could let me
pick their brain for long enough for me get a Krb5 client and server
set up here, I've been wanting to take a shot at understanding the
GSSAPI code in CVS for some time.

I've got what I think are the working Krb5 clients and servers
distributed with RedHat Linux here, but as soon as I hit the section
on kdcs, principals, and tokens, my head starts to spin, currently.

Alternatively, a good GUI might serve as well.  One that simplified
things to the level of "add user", "give user privs to network", "put
user in group", "give groups privs to application on computer", that
sort of thing, if that's possible.

Cheers,

Derek
- --
                *8^)

Email: address@hidden

Get CVS support at <http://ximbiot.com>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBm8lALD1OTBfyMaQRAjMhAJ0QH88wuM0jZlzuzKWKsDTtm9KdCgCfTFw2
ddx8qEFZkWCOL5H7uT1Akew=
=N7lC
-----END PGP SIGNATURE-----





reply via email to

[Prev in Thread] Current Thread [Next in Thread]