Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Fri, 14 Mar 2003 12:19:20 -0000, "Thomas Muller" <ttm at online.no> wrote: >All, > >Accessing a repository on a different host than the one hosting CvsNT works >fine in pserver mode, but not in SSPI. In SSPI mode authentication works >fine, CVSROOT/config is read OK, but upon checkout a "permission denied" is >returned to the client. > NT Security enforces permission checks on impersonated accounts that mean that you can't access the network. I'm surprised it works in pserver, since it shouldn't (unless you have impersonation disabled, which would normally affect sspi too). There is a way around it on Active Directory - you can give the user (or service, can't remember which) delegation authority which gives network access as an impersonated user, however this weakens the security model somewhat and admins are understandably reluctant to do it. Basically, if you want to put the repository on a shared drive, despite all the recommendations against it, you must: (a) run the service as a normal user with access to the shared resource, (b) disable impersonation Obviously you lose any NTFS based access checks in this scheme. Tony