Re: PAM Authentication?

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM Authentication?

From:	Todd Denniston
Subject:	Re: PAM Authentication?
Date:	Mon, 24 Jan 2005 16:20:24 -0500

Jeff Smith wrote:
> 
> I am trying to bring cvs into my company.  I am
> working with one of our Solaris admins on getting the
> product installed and configured.
> 
> We have run into a problem with getting the PAM
> authentication working.
> 
> I really don't know anything about PAM, my admin
> probably does, but we have followed the instructions.
> 

Which instructions?
I see no PAM here
https://www.cvshome.org/docs/manual/cvs-1.11.18/cvs_26.html#INDEX1_6
Or here
https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_27.html#INDEX2_2


Is y24jds a username at the OS level, i.e., not just for CVS?
if it is then pserver should just use the system's login, or something close
to it, which would automatically use PAM.

<SNIP>
> When I do the command:
> 
> cvs -d :pserver:address@hidden:/cvs login
> it does prompt for a password, and I put in the right
> one.
> 
> But I get:
> cvs login: authorization failed: server cvsdev
> rejected access to /cvs for user y24jds
> 
> In the /var/adm/messages, I see the output:
> 
> cvs[26366]: [ID 926525 daemon.notice] login failure
> (for /cvs)
<SNIP>
> We also might have another complication entering in.
> Our Unix servers run a very intrusive security program
> called E-Trust.  It is so powerful that it can even
> limit what root can do.  We have a data security team
> that administers it, but trobuleshooting with them can
> be difficult sometimes and I'm not really sure it is a
> factor yet.

Is there a reason why you have chosen pserver as your connection method?
>From the sound of it, your group would be a bit more on the paranoid side
and would expect after reading a bit on pserver security
https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_2.html#SEC33
http://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=pserver+security&submit=Search%21&idxname=info-cvs&max=20&result=normal&sort=date%3Alate
that pserver would be disallowed.

I would have more expected you to use :ext: with CVS_RSH=rsh or CVS_RSH=ssh
https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_2.html#SEC29

> 
> Where do I start trying to troubleshoot this?
https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs_21.html#SEC210
> 
> Thanks!
> 
> Jeff

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter

[Prev in Thread]

Current Thread

[Next in Thread]

PAM Authentication?, Jeff Smith, 2005/01/24
- Re: PAM Authentication?, Todd Denniston <=
  - Re: PAM Authentication?, Jeff Smith, 2005/01/25
    - Re: PAM Authentication?, Todd Denniston, 2005/01/25

Prev by Date: Re: CVS diff and unknown files.
Next by Date: Security Breach Alert - CVS Home File Download Area Compromised
Previous by thread: PAM Authentication?
Next by thread: Re: PAM Authentication?
Index(es):
- Date
- Thread