- Marcus' HomeSitemap|Contact

CVS help - Configuration for use via SSPI

Diese Seite wurde zuletzt am 09.07.2004 geändert.

You can start using cvs just now, but I prefer to configurate it, only for security reasons. Note: The configuration explained on this page is for use with :sspi: only. For other protocols you probably have to change some things.

When you start using, sspi will accept connections from all system users that authenticate against the system (local or domain). If you don't want to change this you can go on with the usage. But often this is not really what we want, instead we want to use the same mechanism as is used with :pserver:. Here the CVSROOT/passwd file limits the logins accepted by CVSNT to those mentioned in the file. With :sspi: this is quite possible.

We'll also define an account that should be CVS administrator.

Limiting user access with sspi

If you want only some system users to be allowed to connect to CVS-server you have to list their account login names in the passwd file. You also have to set a parameter, so let's see. Note: You have to be logged in as a member of windows administrative group.

  1. Open the commandline and enter
    set cvsroot=:sspi:<computername>:/<repository>
    set cvsroot=:sspi:fuchs:/testrep
  2. Add a new user with the passwd-command
    cvs passwd -a <newuser>
    cvs passwd -a Administrator
    Administrator is the Account known to Windows. [ 1 ] Why is there the parameter -a?
  3. You should see something like
    Adding user Administrator@fuchs
    New password: 
  4. Just press Enter, while sspi does not need a password, read [ 2 ] for an explanation. And on
    Verify password: 
    also just press enter.
  5. If you see a message like
    cvs [server aborted]: Only administrators can add or change another's password
    you are not logged in as an administrator.
  6. This is optional, read [ 3 ].

Just now everyone could connect to our CVS-server, so finally we have to edit a file named config. To edit this file we have to checkout our first module - CVSROOT. Lets use the first time CVS.

  1. Create a directory you want to have your local copies in.
    mkdir <Your Sandboxdirectory>
    mkdir sandboxes
    And change to it
    cd sandboxes
  2. Checkout CVSROOT [ 4 ] with following command
    cvs co CVSROOT
    You should see an output like this:
    cvs server: Updating CVSROOT
    U CVSROOT/checkoutlist
    U CVSROOT/commitinfo
    U CVSROOT/config
    U CVSROOT/cvswrappers
    U CVSROOT/editinfo
    U CVSROOT/loginfo
    U CVSROOT/modules
    U CVSROOT/notify
    U CVSROOT/rcsinfo
    U CVSROOT/taginfo
    U CVSROOT/verifymsg
    cvs server: Updating CVSROOT/Emptydir
  3. Change to the newly created directory
    cd CVSROOT
  4. Enter
    edit config
    which opens config in an editor. You can open this file with any texteditor as well.
  5. Simply add a new line and type
  6. Save and close the file.
  7. Commit your changes to the repository. Therefor first enter
    cvs status -q
    For an explanation see [ 5 ]. You'll see a message like
    cvs server: Examining .
    File: checkoutlist      Status: Up-to-date
    File: commitinfo        Status: Up-to-date
    File: config            Status: Locally Modified
    File: cvswrappers       Status: Up-to-date
    File: editinfo          Status: Up-to-date
    File: loginfo           Status: Up-to-date
    File: modules           Status: Up-to-date
    File: notify            Status: Up-to-date
    File: rcsinfo           Status: Up-to-date
    File: taginfo           Status: Up-to-date
    File: verifymsg         Status: Up-to-date
    cvs server: Examining Emptydir
  8. To commit your changes enter:
    cvs ci -m<Log message>
    cvs ci -m"SystemAuth were set to no"
    The output should look like:
    cvs commit: Examining .
    cvs commit: Examining Emptydir
    Checking in config;
    /testrep/CVSROOT/config,v  <--  config
    new revision: 1.2; previous revision: 1.1
    cvs server: Rebuilding administrative file database
  9. Done. Now noone could connect to CVS-server if he isn't noted in passwd.

Administrating the repository, users with admin rights

As you could read above: By default only users of the windows administrative group could add a new user to CVS. That's because of no other definition, and therefor the system admin(s) are taken as CVS admin(s). But with editing a file called admin you can define the system user(s) that should be CVS admin(s). This file has to be edited directly on the server and should not be handled via CVS.

  1. Create a textfile called "admin" in CVSROOT\
  2. Enter every Account, that should be allowed to administrate CVS, to a seperate line. After that it could look somethink like this:
    #This is an example only.
    In the above example only the two accounts "Tony" and "Bo" could administrate CVS. Lines starting with "#" are comments.
  3. Save and close the file.

That's it, configuration is done and we can now start using our own CVS-server.

[1] To get help for a command just enter cvs -H <command>.
Try it with cvs -H <passwd> and you'll see why we used -a.

[2] Note that there is no need for entering passwords, sspi uses the system login and the passwd file is only used as a list of accepted users.

[3] With the steps b to d you can always add a user, if you are a CVS admin.

[4] CVSROOT is a module like any other you could add later on, but with files used by CVS.

[5] You should always do this before commit changes. I recommend you to read the installed docs.

Remember: I tested this, where Server and Client are running the same machine with Windows 2000 Pro.