Assar Westerlund wrote:
> "Derek R. Price" <[EMAIL PROTECTED]> writes:
> > > Not at all. Before, you had to have a key for cvs@gethostname(), but
> > > now any key stored in /etc/krb5.keytab can be used for
> > > authentication. What worked before still works, and it is simpler for
> > > people with multihomed servers and such.
> >
> > Might this be perceived as a loss of functionality to some people, or
> > perhaps less secure?
>
> I don't see how it could be seen as a loss of functionality. It might
> however, for some people be seen as a change in functionality. I've
> cooked up a new patch that should even make those picky people happy.
> Instead of only accepting authentication for cvs@gethostname() which
> was the old way it now accepts authentication for any cvs@*. This
> should make things work for multi-homed servers and not change the
> functionality in any perceived way. Any comments on this patch?
Please excuse my light grounding in Kerberos, but could you enlighten me a
little further as to the reasons behind this and the possible repercussions?
What, exactly is a multi-homed server? Also, what is preventing me from
setting up Kerberos on my own outside server (say, kdc.priuvate.org), using
kinit to grant myself a token for [EMAIL PROTECTED] on my current machine
(say, work.big.com), then using that (previously invalid) token to grant
myself access to the local cvs server (cvs.big.com)?
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] OpenAvenue ( http://OpenAvenue.com )
--
We have plenty of youth, how about a fountain of smart?
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
