Dirk Weinhardt wrote: > Hi! > > I'm using CVSNT 2.5.04 with Windows XP (server and client). I have > managed to set up a CVSNT server that authenticates users against a > Windows Server 2003 AD domain (I'm using the gserver protocol). > cvsservice.exe is run as mydomain\cvs, SPN cvs/myclient.mydomain is > mapped to mydomain\cvs. "Run as user" is set to "(client user)". > > I'd expect cvsservice.exe to spawn an instance of cvs.exe as the user > that connects to the server (e.g. mydomain\dirk). But instead cvs.exe is > started as mydomain\cvs.
cvs.exe is always started as LocalSystem, then it changes just after authenication. Don't change the user for cvsservice.exe unless you're sure you know the consequences - and when setting up definately don't as it'll just introduce other issues. cvsservice.exe creates its own SPN - I'm not sure it'll even authenticate unless it's mapped to the machine account - kerberos is very picky about what it allows. > Unfortunately that prevents me from using NTFS permissions to control > who may access the repository. If it's not impersonating it's probably a result of changing to a nonstandard configuration - get it working first, then start changing things one at a time. Tony _______________________________________________ cvsnt mailing list cvsnt@cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt Upgrade to CVS Suite for more features and support: http://march-hare.com/cvsnt/