Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
> >SSPI is actually a little simpler still. As long as Marty has a valid > >account that will allow access to your machine (on the machine or in a > >trusted domain) then he can use that account to connect in a reasonably > >secure manner. > > So SSPI is already running on the server and I don't have to change anything > on the server? I would think I would at least have to disable the pserver so > no one would use it to compromise my security. You could do so yes. Just remove the pserver_protocol.dll and restart the service. It's not mandatory however. > >readers / writers files: Files in CVSROOT that control overall status > >to the repository. Controls only at the entire repository level, user > >based. > > In which document are these described? I have not see them in the > documentation. See Thomas' answer. > >The simplest way to grant him access is to: > >1) Make sure that Marty's user account on W2003 allows him control on > >the repository files. > > All of them? Directories too? Well, do you want him to be able to access the repository or not? Sure you have to grant him access to the stuff he should access. You could deny access to other stuff as well. Users of the repository need full access privileges on CVSNT's Temp folder however. > >If you don't want to create a Win2003 account for Marty then you can add > >him to the passwd file with the "cvs passwd" command. I suggest the > >SSPI setup described above since it's dead simple. > > Ah hah! That is what the passwd command is for! I kept trying to use it with > pserver in June or May and I could not get it to work. Does the passwd > command only work with SSPI? If so, that would explain my frustration! No, as far as I know it works with both. > I thought I read somewhere that creating NT accounts was more secure. Now I > think you are telling me that SSPI using the passwd command is more secure. > Is that correct? Perhaps I'm mistaken. You would have to create an NT account nevertheless I think unless you disable Impersonation in which case all repository access will happen as LocalSystem if I'm not mistaken which does not sound like a good idea to me. The passwd command could (among other things) be used to map a CVS user name to a real NT user account which will be used for impersonation. > >You don't necessarily need to. The default setting "Use System > >Authentication" tells CVSNT to try and validate against the Win user > >accts anyway. > > Where is this setting? In the CVSROOT/config file. You would have to checkout/modify/commit this file in order to change this setting. Hope this helps. -- Oliver ---- ------------------ JID: ogiesen at jabber.org ICQ: 18777742 (http://wwp.icq.com/18777742)