Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Dirk Weinhardt wrote: > Hi! > > I'm using CVSNT 2.5.04 with Windows XP (server and client). I have > managed to set up a CVSNT server that authenticates users against a > Windows Server 2003 AD domain (I'm using the gserver protocol). > cvsservice.exe is run as mydomain\cvs, SPN cvs/myclient.mydomain is > mapped to mydomain\cvs. "Run as user" is set to "(client user)". > > I'd expect cvsservice.exe to spawn an instance of cvs.exe as the user > that connects to the server (e.g. mydomain\dirk). But instead cvs.exe is > started as mydomain\cvs. cvs.exe is always started as LocalSystem, then it changes just after authenication. Don't change the user for cvsservice.exe unless you're sure you know the consequences - and when setting up definately don't as it'll just introduce other issues. cvsservice.exe creates its own SPN - I'm not sure it'll even authenticate unless it's mapped to the machine account - kerberos is very picky about what it allows. > Unfortunately that prevents me from using NTFS permissions to control > who may access the repository. If it's not impersonating it's probably a result of changing to a nonstandard configuration - get it working first, then start changing things one at a time. Tony