LinuxQuestions.org


LittleMaster 11-29-2012 03:54 AM

cvs login: authorization failed:
 
Hi All,

I have tried to log in as a normal user with CVS, but I am not able to log in, as shown below.

[root@sherpa ~]# export CVSROOT=:pserver:swami@10.x.xx.xx:/home/cvs/
[root@sherpa ~]# cvs login
Logging in to :pserver:swami@10.x.xx.xx:2401/home/cvs
CVS password:
PAM authenticate error: Authentication failure
cvs login: authorization failed: server 10.x.xx.xx rejected access to /home/cvs for user swami.

Please do help.

tronayne 11-29-2012 08:59 AM

Do you have a file
Code:

.cvspass
in your home directory; it's not there by default, you have to create it. It should have this permission mask:
Code:

ls -l .cvspass
-rw------- 1 trona users 182 Mar 18  2011 .cvspass

Its content looks like
Code:

cat .cvspass
/1 :pserver:trona@fubar.com:2401/usr/local/cvsroot A%y!4Kw1"
/1 :pserver:trona@snafu.com:2401/usr/local/cvsroot A%y!4Kw1"
/1 :pserver:trona@pita.com:2401/usr/local/cvsroot A%y!4Kw1"

The above allows me access to CVS on three different servers. Those lines are put in the file by a successful CVS login.

You may be able to stop here -- just add the .cvspass file to your home directory and see if that works for you. If it does, great. If not, try the stuff below.

Do you have a password file in /usr/local/cvsroot/CVSROOT/passwd (or wherever your cvsroot is); it's not there by default, you have to have created it to use CVS passwords.

The passwd file has the structure
Code:

user:encrypted
You can add user names and encrypted passwords to that file with a text editor:
Code:

su -
vi /usr/local/cvsroot/CVSROOT/passwd

Where can you get the encrypted password? Ah-ha! Two ways: copy the user's password from /etc/shadow or generate one with a little program listed below.

A user password in /etc/shadow looks like this:
Code:

su -
grep joey /etc/shadow
joeytest:$1$1f7yM/VX$rxAEdKoFUD32GaHnsLehp/:15522:0:99999:7:::

All you want in /usr/local/cvsroot/CVSROOT/passwd is the first two fields:
Code:

su -
grep joeytest /etc/shadow | awk 'BEGIN { FS=":" } { printf ("%s:%s\n", $1, $2); }' >> /usr/local/cvsroot/CVSROOT/passwd

Obviously you could simply
Code:

grep joey /etc/shadow >> /usr/local/cvsroot/CVSROOT/passwd

then use an editor to delete :15522:0:99999:7::: from the end of the line.

The downside of this is that you have to redo it every time the user's login password is changed; not good, better to have a separate CVS password.

That's where this little utility, cvspas.c, comes in:
Code:

/*      feature-test macro must precede every #include to take effect   */
#define _XOPEN_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <time.h>
#include <unistd.h>

/*      declared here because not every libc exposes crypt() via unistd.h       */
extern char *crypt (const char *, const char *);

int main (int argc, char *argv [])
{
        char    salt [3];
        char    *passwd, *encryptedpw;
        char    *user;
        int     i;

        /*      seed the random number generator        */
        srand ((unsigned int) time ((time_t *) NULL));
        /*
        *       we need two random numbers in the range
        *       >= 65 <= 90 or >= 97 <= 122 (that's A - Z
        *       or a - z inclusive) for the salt characters
        */
        while ((i = rand()) < 65 ||
                (i > 90 && i < 97) ||
                i > 122)
                ;
        salt [0] = i;
        while ((i = rand()) < 65 ||
                (i > 90 && i < 97) ||
                i > 122)
                ;
        salt [1] = i;
        salt [2] = '\0';
        /*      find out who we are                     */
        if ((user = getenv ("USER")) == (char *) NULL) {
                (void) fprintf (stderr,
                    "%s:\tunable to determine user id\n",
                    argv [0]);
                exit (EXIT_FAILURE);
        }
        /*      ask for the password (not echoed)       */
        if ((passwd = getpass ("Password to encrypt: ")) == (char *) NULL) {
                (void) fprintf (stderr,
                    "%s:\tunable to read password\n", argv [0]);
                exit (EXIT_FAILURE);
        }
        /*      crypt() only looks at the first two characters of salt  */
        /*      crypt() returns NULL if the libc rejects this hash type */
        if ((encryptedpw = crypt (passwd, salt)) == (char *) NULL) {
                (void) fprintf (stderr,
                    "%s:\tcrypt() failed\n", argv [0]);
                exit (EXIT_FAILURE);
        }
        (void) fprintf (stdout, "%s:%s\n", user, encryptedpw);
        exit (EXIT_SUCCESS);
}

Save that as cvspas.c then
Code:

cc -s -o cvspas cvspas.c -lcrypt
When you execute it
Code:

cvspas
Password to encrypt: somepassword
trona:gUUk8pzizPmCQ

You won't see what you type for "somepassword" and the output will be the user ID you're using when you run it. Advantage of this? That line can be repeated for every CVS user with the "cvspassword" you typed; just paste as many copies of the output as needed and edit the user names, something like this
Code:

fred:gUUk8pzizPmCQ
bill:gUUk8pzizPmCQ
sally:gUUk8pzizPmCQ
janet:gUUk8pzizPmCQ

Everybody in a particular group has the same CVS password (which may not be desired) or you can simply execute cvspas multiple times with different passwords, copy, paste and edit -- (cvspas will not repeat a password encryption on multiple runs). Keep in mind that only root can edit /usr/local/cvsroot/CVSROOT/passwd.

Now I must apologize right here that I don't know diddly-squat about PAM or what if anything you have to do with PAM to have CVS useful. All the above has been used on Solaris and multiple Linux distributions with no problems... but none of them used PAM, so I dunno from here. I hope this works for you.

Hope this helps some.

