Can't access D0CVS - update

Newsflash: users of d0sshcvs need to read this.

• connect (read or write) may fail due to the presence of the REMOTEUSER keyword.

  All such keywords have been removed. This may cause some write accesses to fail. If you have any problems, please contact me at the address at the bottom of this page. Please include the exact date and time when the problem occured.

• Write will fail unless you are running under an ssh-agent.

  We need to know your username to allow you write access and it's only the agents that correctly send that information. Follow the instructions at using ssh with cvs.

Can't access D0CVS

<d0mino> addpkg -h muo_examine
Adding package "muo_examine" to ".".
using package special cvs server
cvs -d cvsuser@d0cvs.fnal.gov:/cvsroot/d0cvs checkout -P muo_examine
kshd: Permission denied.
trying normal rsh (/usr/bsd/rsh)  WARNING: NO ENCRYPTION!
cvs [checkout aborted]: received interrupt signal

1. You are not registered to the repository for the access method you are using. NOTE: registration does not expire. So if you've priviously been able to access the repository with your current setup this is not the problem. However, offline/online and onsite/offsite setups and setup requirements vary, so keep that in mind.
   • From most Fermilab machines or any kerberized machine where you "setup d0cvs", you need your principal registered. Send your principal, usually "username@FNAL.GOV" to d0-release-mgr@fnal.gov and ask that it be registered in d0cvs.

     This should be done automatically when your D0 CAS (d0mino*/CAB etc) account is created. But older ones may not be there and it won't be there if your principal differs from the standard <username>@FNAL.GOV form. If in doubt, ask.

   • At most off site machines, where you "setup d0sshcvs" you need your ssh public key (RSA 1) registered. Generate a key

                     ssh-keygen           # on an ssh 1 system
                     ssh-keygen -t rsa1   # on most modern systems
               

     and send it (identity.pub by default) to d0-release-mgr@fnal.gov

     See Converting from cvs and cvsh with rsh to ssh for details on how to use ssh to access a repository.

   Please indicate that you want your principal or public key registered with D0CVS and who you are. There are lot's of things I could do with these. Most of them won't get you registered. My crystal ball also has been broken for some time now. So please help out.

   NOTE: Neither kerberos principals nor ssh keys are machine dependent. They authenticate you. There is a seperate authentication that happens for your machine that you don't see.

2. You don't have a valid forwardable kerberos ticket if on a kerberized machine (eg almost any machine at Fermilab). Do a "klist -f" to check. You must have a ticket. It must not be expired and there must be an "F" in the "Flags:" field. If any of these are not true, go back to wherever you got your initial ticket and get a new one, in a secure manner. Then log in to your working machine, making sure that the ticket is forwarded and forwardable at each step.

3. If using rsh (setup d0cvs) access, check that a kerberized rsh is found first, "which rsh" or "type rsh".
   • Arrange PATH such that the directory containing the kerberized rsh is before any others. This may require changes in system files.
   • set the environmental variable CVS_RSH to point to your kerberized rsh. This method is immune to changes in PATH but requires knowledge of your installation.

     NOTE: this can be done in $D0CVS_DIR/ups/d0cvs.table by adding a line "envSet(CVS_RSH,....)" where the '....' is the full path to your rsh. Put it after the definition of CVSROOT.