Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
andreas_bergen at delmia.de wrote: > Dear all, > > we have a Linux (RH-Fedora Core 2) Server authenticating to Active > Directory using Kerberos 5 and winbind. I've setup cvs (cvs-1.11.18 from winbind uses NTLM to connect and is unrelated to active directory. kerberos is rather difficult to configure, which is why few people use it. It does work when it's got right though. > linux-machines. SSH(!)-GSSAPI-authentication also works from > Windows-machines using the newest putty from css-security.com without > providing a password simply using the windows-credentials. Is there a > way They use MIT kerberos not Active Directory. There is an MIT version of gssapi for cvsnt but it's only built by default for the Unix versions - it's possible to build a Windows version (probably, haven't done it for a while) if you're primarily using MIT to connect. > I've been trying to use the newest cvsnt using gserver-authentication and > I always got the error-message > GSSAPI authentication failed: The specified target is unknown or > unreachable Your windows machine must be logged into the active directory and the server must be registered correctly... this is nontrivial (MS like you to use their own tools and don't make running servers on Unix boxes easy). The error returned there means that cvs at machine is not a registered SPN. You can do this using ktpass and setspn. > providing a password simply using the windows-credentials. Is there a way > to do Single Sign On (SSO) from Windows-Machines to our CVS-Server? If If you have winbind working the easiest way is to simply uncomment the WinbindWrapper line in /etc/cvsnt/PServer which enables SSPI. Tony