RE: CVS authentication using LDAP.

[Arthur Barrett]

Mark,
 
The best place for CVSNT specific questions is the CVSNT newsgroup:
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
or
news://news.cvsnt.org/support.cvsnt

There are free/GPL builds of CVSNT for Solaris Sparc on the web site
(they are standard Solaris install packages so there is no need to build
from source). Note: use the x32 bit builds and only switch to x64 bit if
after several months you find you need the additional memory - the x32
bit builds are much easier to install and configure.  
 
If you are mostly using CVSNT clients (WinCVS is a GUI only and 'calls'
the installed CVSNT client to actually do the 'work') then there are
advantages to using CVSNT Server including the extended protocols and
merge tracking/merge points - plus the server supports access control
lists on modules and branches, failsafe auditing, etc etc.
 
Regards,
 
 
Arthur Barrett
 
 

        -----Original Message-----
        From: Risman, Mark [mailto:mark.ris...@mlb.com] 
        Sent: Wednesday, 13 May 2009 5:32 AM
        To: Arthur Barrett; info-cvs@nongnu.org
        Subject: RE: CVS authentication using LDAP.
        
        
        Arthur,
         
        Apologies for the key details I left out in my original message,
but it seems like you've already figured out one of them -- we have many
users currently using :pserver: and we don't want to create accounts on
the server machine for them, if we can at all avoid it. This is where I
think the CVSNT application could come in handy. Thanks very much for
this tip!
         
        The other key detail, though, is the fact that we're a Solaris
shop. Many of our repository users are Windows-based, and are using a
version WinCVS which already supports the CVSNT-extended authentication
methods, but our repository and some of our users are running under
Solaris. Does anyone know of any risks to using CVSNT under Solaris?
>From looking at the CVSNT website it seems that the free/GPL UNIX
version is designed for Linux, not Solaris.
         
        Thanks again,
        - Mark

  _____  

        From: Arthur Barrett [mailto:arthur.barr...@march-hare.com] 
        Sent: Monday, May 11, 2009 3:29 PM
        To: Risman, Mark; info-cvs@nongnu.org
        Subject: RE: CVS authentication using LDAP.
        
        
        Mark,
         
        If you configure your unix/linux server to perform 'normal' ssh
authentication with LDAP then a cvs client using ssh will also use LDAP
and the SSH protocol is fairly secure.  Refer to your operating system
documentation or vendor technical support for instructions on how to
configure ssh to perform LDAP authentication.  
         
        Once you have that working, if you are using a CVSNT client on
Windows (like WinCVS or TortoiseCVS) then you can use the CVSROOT
connection string :ssh:server:/repo, otherwise (non CVSNT clients, or
CVSNT on non-Windows) you use :ext:server:/repo
         
        Alternatively if you rely heavily on 'pserver' type 'alias'
users and want to keep them then CVSNT Server is free/GPL and runs on
linux/unix and supports PAM for all protocols including SSERVER (which
is a 'secure' pserver).
         
        Regards,
         
         
        Arthur Barrett
         

                -----Original Message-----
                From:
info-cvs-bounces+arthur.barrett=march-hare....@nongnu.org
[mailto:info-cvs-bounces+arthur.barrett=march-hare....@nongnu.org] On
Behalf Of Risman, Mark
                Sent: Tuesday, 12 May 2009 1:41 AM
                To: info-cvs@nongnu.org
                Subject: RE: CVS authentication using LDAP.
                
                

                Hi, 

                        Similar to this request, does anyone have any
wisdom on a good way to set up CVS authentication via LDAP, but in a
manner which allows the password to be secured as it travels across the
network?

                        Currently we already have LDAP up and running,
and we use CVS version 1.11.17. I could upgrade this to a 1.12 version
with PAM support, but I'm not inclined to bother doing that until I have
a solution to the authentication issue.

                        In my research I came across one possibility
which uses "stunnel", which is SSL tunneling software I'm not familiar
with, but I'm wondering if anyone has had experience using this or any
similar method for CVS user authentication.

                        I understand this is all probably a familiar
question to everyone, but if someone could point me toward some basic
information that would help me to implement this, I would appreciate it.

                Thank you, 
                - Mark 


                From:   cvs admin        
                Subject:        CVS authentication using LDAP.   
                Date:   Wed, 29 Mar 2006 12:17:23 +0530  

                  _____  
                

                Hi , 
                  
                In the present scenario, we have usernames/passwords
stored for each repository on the CVS system itself. We would like to
use the LDAP server for CVS authentication which stores all the Network
login IDs and passwords. This way we wouldn't have to store passwords on
the server and users will have to remember only their network/windows
login password. 

                For this, we might have to install some system level
packages related to PAM (which supports LDAP authentication). 
                  
                So anybody have any links or docs to configure the LDAP
on Red Hat Enterprise Linux AS release 4 (Nahant Update 2) 


                Thanks for help in advance. 
                  
                cheers 
                Om 


                
                
        
**********************************************************
                
                MLB.com: Where Baseball is Always On

        
        
        
        
        **********************************************************
        
        MLB.com: Where Baseball is Always On