From: Georgette, Danielle (Danielle.Georgette@det.nsw.edu.au)
Date: Wed Jul 31 2002 - 09:09:00 EDT
It seems this is my week to ask for reference sites :-)
I'm attempting to migrate a cvs installation on a Tru64 5.1a pk2 to work in
an enhanced (c2) security environment and once again having a tough time of
it.
The cvs installation doesn't seem to want to touch the c2 authentication
framework, failing with different errors depending on the combination of
user and cvs authentication/CVSROOT I try:
1. Configured with a pserver passwd file containing the user and their
password as cut'n'pasted from the edauth -g output.
2. Tried having a pserver passwd file that the user was not in (which should
have prompted pserver to use the native system authentication and
/etc/passwd with what should be transparent c2).
3. Tried with no pserver passwd file (same expected result as above).
4. Tried to login using local rather than pserver.
No joy, and a different error each time. I've checked permissions, filenames
and paths, inetd.conf and /etc/services for spaces and control codes, etc
etc.
It seems the login attempts are never reaching the c2 subsystem because I
see nothing in logs or the security db about failed login attempts.
Otherwise CVS works fine, managing content as the cvs user on the local
machine works totally as expected. I can't find any information on how to
get cvs to log pserver connection attempts or verbosely tell me what its
doing when its trying to authenticate and failing. File/content change
logging during authenticated operation is all I can see on offer.
Does anyone have this working with c2 or have a clue what I might be doing
wrong ? Any idea how to get some meaningful logging happening ? My next step
is to use alphatrace on the binary but I thought I'd put this out to you all
and see what comes back.
root@node1:># su - cvs
node1.testh.det.nsw.edu.au> cvs -d
:local:cvs@node1.testh.det.nsw.edu.au:/path/app/cvs/mw login
cvs [login aborted]: CVSROOT cvs@node1.testh.det.nsw.edu.au:/path/app/cvs/mw
must be an absolute pathname
Logged in as cvs user (valid password valid account)
node1.testh.det.nsw.edu.au> cvs -d
:pserver:cvs@node1.testh.det.nsw.edu.au:/path/app/cvs/mw login
(Logging in to cvs@node1.testh.det.nsw.edu.au)
CVS password:
cvs login: authorization failed: server node1.testh.det.nsw.edu.au rejected
access to /path/app/cvs/mw for user cvs
root@node1:># telnet localhost 2401
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
cvs [pserver aborted]: bad auth protocol start:
Connection closed by foreign host
> cvs --version
Concurrent Versions System (CVS) 1.11 (client/server)
/etc/services: cvspserver 2401/tcp # cvs pserver
/etc/inetd.conf cvspserver stream tcp nowait root /usr/local/cvs/bin/cvs cvs
--allow-root=/path/app/cvs/mw pserver
Thanks again, as always,
Danielle Georgette
Internet Systems
ITD NSW DET
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:48 EDT