[EMAIL PROTECTED] on 2000.07.24 18:58:03
>Have you considered using SSH, port forwarding, and pserver? I think you could
>wrap CVS in something like the following:
>
> #!/bin/sh
> ssh -L30100:localhost:cvspserver remotehost.net
> CVSPORT=30100 cvs -d:pserver:$USER@localhost:/cvsroot "$@"
I'll look into using this. In the end, I would like the following:
1. Authentication via SSH keys only.
2. Many-to-one mapping of CVS client users to CVS server user. CVS should log a
separate identity for each client user while running as the one CVS server user.
(Of course, this scenario can be generalised to more than one CVS server user).
3. The CVS server should not run setuid or setgid.
4. No sysadmin involvement.
>In case you still think this solution isn't sufficient, I came up with a second
>objection to your authentication scheme. Without authentication on the server
>side, nothing is restricting the userids to uniqueness. Two or more of my
users
>(say [EMAIL PROTECTED] - a dialin account - and [EMAIL PROTECTED] - actually Jane
>Schmoe, Joe Schmoe had to use his middle initial for his work account since
Jane
>was hired first) could look like the same user depending on where they're
>connecting from. This doesn't actually require a home and work account. I've
>worked for organizations where users had different user IDs on the NT and UNIX
>domains, not to mention the test machines where developers would log in as root
>and create accounts with any name they like. Even if a developer weren't
trying
>to use the wrong name in such a case, it might be easier to do so by accident.
Yeah, you've convinced me. The CVS server must have separate identities for
each CVS user. I'll post a reverse patch to RCVS when I can (but it's doubtful
I can do it soon).
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
