I install cvs using a small wrapper program that chroots it, as well as allows the repository to be safely maintained by a non-administrator user without any concern of stuff doing things it shouldn't. However, I am still limited to using the cvs passwd file. The wrapper makes it very simple to do a single-uid regular-user repository that can be accessed anonymously or directly.

Using the rsh/ssh/Kerberos rsh methods doesn't really help, since those require that you let the users log on to your server. No thanks.

Here are a couple of ideas I had that might be a good way to make cvs easier to set up in a secure manner.

1. Extend my chroot wrapper to allow it to figure out what repository is being requested and chroot accordingly. This should be easy enough, just haven't done it yet - will involve an extra I/O layer between cvs and the client, but that shouldn't hurt much. (The extra I/O layer could be eliminated if the cvs pserver had some method to pass the initializing information other than stdin, or if cvs itself did the chrooting.)

2. Add a 'spserver' connection type that uses SSL. Sure, you could use ssltunnel, but that's a lot more of a contortion, and it will hurt adoption by end users; simply saying CVSROOT=:spserver:... with an SSL-capable cvs client would be a lot easier.

3. Add an 'admins' file in cvsroot/CVSROOT that would quickly and easily allow you to define who can do stuff to the CVSROOT portion of the repository. I'm sure you could do this with some of the wrapper scripts/etc, but that's not particularly clean. Syntax could be something like

-----------------
user:aurd:
user1:ur:file1 file2 file3
-----------------

which would allow user to add, update or read or delete any file, and user1 could update or read file1, file2 or file3. Initially though, I would suggest the file be simply a list of userids, like readers and writers.

4. After the SSL stuff is working, allow use of client certificates to authenticate instead of the cvs passwd file.

5. Add a command line flag that defines an anonymous user(s) - yes, you can do this by defining the user in the passwd file, but it would be nice to have ftp-style anonymous connections, where you could put in your email address as the password and have that logged. Defining the user as anonymous would automatically apply a non-admin and non-writer restriction to the connection.

These are just a few things that I think might yield a cvs server that is easier to set up and secure. All of the above changes should remain completely compatible with existing clients. The spserver method could still be used with ssltunnel for those users that wanted to do it that way.

As for the SSL, I'd say just build it with OpenSSL - granted, at the moment that's not legal in the U.S. unless you're building with rsaref, and even then only for non-commercial use - but it will be legal in a little over 6 months.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail: [EMAIL PROTECTED]
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming              Fax: (573) 341-4216
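
An added illustration of item 3 in the message above, not part of the original message and not CVS code: a deny-by-default checker in C for the proposed 'admins' syntax. The function name `admins_allows`, the 256-byte line limit and the rejection of malformed entries or unknown permission letters are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the two entries shown in the message above. */
static const char SAMPLE[] =
    "user:aurd:\n"
    "user1:ur:file1 file2 file3\n";

/* Hypothetical checker, deny by default. Returns 1 only when an entry
 * "user:perms:files" names `user`, its perms (a=add, u=update, r=read,
 * d=delete) include `op`, and `file` is listed or the list is empty. */
int admins_allows(const char *text, const char *user, char op, const char *file)
{
    char line[256];
    if (op == '\0' || !strchr("aurd", op) || user[0] == '\0')
        return 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        const char *next = text + len + (text[len] == '\n');
        if (len < sizeof line) {            /* overlong lines are skipped */
            memcpy(line, text, len);
            line[len] = '\0';
            char *perms = strchr(line, ':');
            char *files = perms ? strchr(perms + 1, ':') : NULL;
            if (files) {                    /* both separators present */
                *perms++ = '\0';
                *files++ = '\0';
                if (strcmp(line, user) == 0 &&
                    perms[strspn(perms, "aurd")] == '\0' && /* known letters only */
                    strchr(perms, op)) {
                    if (files[strspn(files, " ")] == '\0')
                        return 1;           /* empty list: any file */
                    for (char *f = strtok(files, " "); f; f = strtok(NULL, " "))
                        if (strcmp(f, file) == 0)
                            return 1;
                }
            }
        }
        text = next;
    }
    return 0;
}

int main(void)
{
    printf("user  d loginfo: %d\n", admins_allows(SAMPLE, "user", 'd', "loginfo"));
    printf("user1 d file2:   %d\n", admins_allows(SAMPLE, "user1", 'd', "file2"));
    return 0;
}
```

Because an empty file list means "any file" in this syntax, an entry that loses its file list grants access to every file, so an implementation might prefer an explicit wildcard.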