Arthur, Apologies for the key details I left out in my original message, but it seems like you've already figured out one of them -- we have many users currently using :pserver: and we don't want to create accounts on the server machine for them, if we can at all avoid it. This is where I think the CVSNT application could come in handy. Thanks very much for this tip! The other key detail, though, is the fact that we're a Solaris shop. Many of our repository users are Windows-based, and are using a version WinCVS which already supports the CVSNT-extended authentication methods, but our repository and some of our users are running under Solaris. Does anyone know of any risks to using CVSNT under Solaris? From looking at the CVSNT website it seems that the free/GPL UNIX version is designed for Linux, not Solaris. Thanks again, - Mark
________________________________ From: Arthur Barrett [mailto:[email protected]] Sent: Monday, May 11, 2009 3:29 PM To: Risman, Mark; [email protected] Subject: RE: CVS authentication using LDAP. Mark, If you configure your unix/linux server to perform 'normal' ssh authentication with LDAP then a cvs client using ssh will also use LDAP and the SSH protocol is fairly secure. Refer to your operating system documentation or vendor technical support for instructions on how to configure ssh to perform LDAP authentication. Once you have that working, if you are using a CVSNT client on Windows (like WinCVS or TortoiseCVS) then you can use the CVSROOT connection string :ssh:server:/repo, otherwise (non CVSNT clients, or CVSNT on non-Windows) you use :ext:server:/repo Alternatively if you rely heavily on 'pserver' type 'alias' users and want to keep them then CVSNT Server is free/GPL and runs on linux/unix and supports PAM for all protocols including SSERVER (which is a 'secure' pserver). Regards, Arthur Barrett -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Risman, Mark Sent: Tuesday, 12 May 2009 1:41 AM To: [email protected] Subject: RE: CVS authentication using LDAP. Hi, Similar to this request, does anyone have any wisdom on a good way to set up CVS authentication via LDAP, but in a manner which allows the password to be secured as it travels across the network? Currently we already have LDAP up and running, and we use CVS version 1.11.17. I could upgrade this to a 1.12 version with PAM support, but I'm not inclined to bother doing that until I have a solution to the authentication issue. In my research I came across one possibility which uses "stunnel", which is SSL tunneling software I'm not familiar with, but I'm wondering if anyone has had experience using this or any similar method for CVS user authentication. I understand this is all probably a familiar question to everyone, but if someone could point me toward some basic information that would help me to implement this, I would appreciate it. Thank you, - Mark From: cvs admin Subject: CVS authentication using LDAP. Date: Wed, 29 Mar 2006 12:17:23 +0530 _____ Hi , In the present scenario, we have usernames/passwords stored for each repository on the CVS system itself. We would like to use the LDAP server for CVS authentication which stores all the Network login IDs and passwords. This way we wouldn't have to store passwords on the server and users will have to remember only their network/windows login password. For this, we might have to install some system level packages related to PAM (which supports LDAP authentication). So anybody have any links or docs to configure the LDAP on Red Hat Enterprise Linux AS release 4 (Nahant Update 2) Thanks for help in advance. cheers Om ********************************************************** MLB.com: Where Baseball is Always On ********************************************************** MLB.com: Where Baseball is Always On
