Eric Siegerman wrote:
> The user needs an *account* on the server; they don't need to be
> able to log into it.
>
>
> Actually, you might not need to create a login for every user.
> Just a single one, set up as above, should do. Give each user
> their own key-pair, and put all their public keys in the cvs
> account's authorized_keys -- all with `command="cvs server"'
> options of course.
Exactly.
Trouble is, this last configuration allows multiple users to use
the same account. That is usually considered a security No-No
(or at least it was, before PCs admitted us to the La-La Land
of insecurity, passwords saved with applications, etc.)
