Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Mon, 16 Jan 2006 10:57:39 +0800, Kwong Thomas <thokwong2001 at gmail.com> wrote: >Dear all, > >I am try to setup administrator in CVSNT, my CVSNT server version 2.051d Old unsupported version! > >The protocol I want to use is sspi > >I login the the server where CVSNT is installed, the login name is APPS_ADMIN. > >But, I an not able to set APPS_ADMIN as the administrator of the >repository in the server machine. > >Please help and let me know what step I have done wrong. > >What I did is the following:- > >1st, I create a repository call test >======================== >set cvsroot=:sspi:localhost:/test > >2st, I create a login in the server machine >============================== >C:\Documents and Settings\APPS_ADMIN>cvs passwd -a APPS_ADMIN >Adding user APPS_ADMIN at localhost >New password: >Verify password: This is not the way to add users for sspi. The passwd file (modified with cvs passwd) only affects pserver and sserver logins. For sspi all valid Windows users are accepted unless they are stopped by NTFS security or by the CVSROOT/readers file (or repository ACL:s, but that seems to be above your head just now). >3rd, I check out CVSROOT in another PC on the network >========================================= >and then I created a new file called "admin", it only have one line, >the contents as follows. > >APPS_ADMIN at localhost Incorrect format of admin file entry... >and then I import the whole module CVSROOT Why in heavens name would you *import* CVSROOT??? That module is the administrative module and should be handled with some degree of security... >I check-out CVSROOT again to verify the file "admin" is checked in successfully. Never, ever, make the admin file a part of the CVSROOT module for checkouts! This file is the single most important file for security administration of your server and should be protected from checkouts! It should *only* be modified by direct editing on the server machine itself by a user who has physical access to the server. Never ever via the CVS client/server connection! > >4th, I modify "config" file in CVSROOT >============================ >I set SystemAuth to "no" >SystemAuth=no > >And then I check in the config file. This locks down the server for sspi access too. >5th, I try to create another login in the server machine >====================================== >C:\Documents and Settings\APPS_ADMIN>cvs passwd -a thokwong >Adding user thokwong at localhost >New password: >Verify password: >cvs [server aborted]: Only administrators can add or change another's password > >But APPS_ADMIN is still not an administrator. Lucky for you the admin file is not a part of the admin files yet... You have to edit this file in place on the server. /Bo (Bo Berglund, developer in Sweden)