"Derek R. Price" <[EMAIL PROTECTED]> writes:
> Shouldn't you have been able to use GSSAPI to rewrite the client and
> server both in such a way that they didn't care what sort of
> authentication mechanism was hiding behind the GSSAPI
> (Kerberos/GSI/whatever)? Why didn't you?
CVS has a model in which the Unix user ID controls access to the
repository, and is used to indicate who made what change.
Given that, you need a mapping from the GSSAPI name to the Unix user
ID. GSSAPI will authenticate that the incoming connection has the
right to use a given GSSAPI name. But GSSAPI does not provide a
mapping between the GSSAPI name and the Unix user ID.
It would be possible to change CVS to use a different authentication
mechanism. But it's not obviously straightforward.
Ian
_______________________________________________
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs
