|
Actions:
|
2008-04-05 13:02 AEST by Arthur Barrett - By default a Unix/Linux based CVSNT server will require usernames are case
sensitive. However if the authentication is passed to an Active Directory
Server then the name passed from the client may not match the case of the name
returned from the server.
Notes from customer:
We have run into a problem when using SSPI with ntlm_auth authentication
which is included in the code protocols/sspi_unix.cpp.
Line 297 is this:
sspi_protocol_interface.auth_username = strdup(line+3);
It's setting the username to whatever the Domain Controller returns to
cvsnt and then will procedure to match ACL's in the group file against
this value. However, because windows is case insensitive, usernames
often have erroneous capitalization issues. For example, gpebdnxusr
becomes GPebdnxusr . Therefor, we have to manually put the capitalized
username in the group file. For us a viable solution would be to always
recast the value passed back from the domain controller to lowercase.
However, it seems like a more general solution that would work for the
broader community would be to set this variable to whatever value was
originally passed from the client to the cvsnt server. |