Thanks. That sounds like an okay solution. I'll give that a twirl. tim ----- Original Message ----- From: "Matthew Herrmann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, May 02, 2004 7:55 PM Subject: RE: Fw: need to force username of cvs 'action' when using sharedSSHaccount
> Hi Tim, > > Ironically enough, exactly what you are asking for is pserver access. > Because the username can be fairly easily overridden in this method, it's > not considered secure (but in a normal work environment it's fine). The ssh > method of connecting is secure for the precise reason that secure is managed > outside cvs and it _won't_ let you get around it. > > The only other suggestion is to add a commit-check which ensures that the > username is present in the commit message. You can set up a template which > commit messages must conform to, and then change the cvs editors on each > developer box so the pre-generated form comes up each time. > > This is a hack, but I can't see how you can do what you're after otherwise. > > Best Regards, > > Matthew Herrmann > ---------------- > Director > Far Edge Technology > http://www.faredge.com.au/ > > -----Original Message----- > Date: Sun, 2 May 2004 11:33:46 -0400 > From: "Tim Grotenhuis" <[EMAIL PROTECTED]> > Subject: Fw: need to force username of cvs 'action' when using shared > SSHaccount > To: <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > > > > > > Is there a reason why you can't use the old-fashioned strategem > > > of one account per developer ? > > My ISP won't give me additional accounts. > > > > You can also use $HOME/.ssh/environment on the client side to tunnel > > > environment variables of your choice. I've never tried it myself, I > > > just saw that in the ssh man page. (Your developers would be able to > > > cheat, though.) The trouble is, CVS doesn't look at the environment to > > > decide who's calling. > > My script that runs in the command="" option in the authorized_keys2 file > runs successfully and I can control the input based on which key (ie, which > developer) is used. I am looking for the correct environmental variable > that CVS WILL look at. > > > > > > > > There HAS to be a way to force cvs to record the correct committer > > > > name. > > > > > > Why ? Why would cvs extract that information from a source other than > > > its own euid ? > > I just can't imagine that this hasn't been required before: a single shell > account with a used id of, for example, 'cvsuser' requiring SSH, instead of > pserver, authentication and access for developers. The nature of CVS, that > of tracking diffs and who did what when, seems to be compromised in this > situation. Thats all. > > > > _______________________________________________ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > > > _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
