Wim Bertels <[EMAIL PROTECTED]> writes: > for now this what i did: > > for example: > 1. SSH > if u put > test: ... :/var/lib/cvs:usr/bin/cvs
Assuming you meant to put /usr/bin/cvs in the passwd file, this is not good as it needs the 'server' command-line argument rather than whatever arguments the init process might pass to a login shell. > in the /etc/passwd file > U cant connect using ssh to the cvs server (the cvs command alone is not > enough, dont ask me why, > but i suppose it also needs things like ls, mkdir, scp ..) > so the only way is to use a restricted shell instead of /usr/bin/cvs > but then again, the user has shell access (maybe use chroot or something) Yes, a restricted shell that knows how to execute /usr/bin/cvs is fine. You will have problems using chroot unless you put your entire repository into the chroot()ed jail too. > so i'm not using this, but i'm using the following > 2. pserver and stunnel > why? no shell, secure connection.. There are multiple methods of access for multiple kinds of users. > maybe it would be a good idea to have a config file like you have for > example for postgresql > (pg_hba.conf), where you can put who can connect in which way (including > ident, pam, md5, krb5..) to the server The development version of cvs (1.12.1.1) in the cvshome.org repository has at least part of a PAM implementation for :pserver: connections. I have not used it myself. Good luck, -- Mark _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs