I have tried ssh. It does work, will auth throuch pam_smb_auth using NT
passwords, not Unix ones.
However, I do experience a significant delay when invoking CVS for ssh
authorization (shows on the WSAD dialog box). The delay isn't too bad for
normal repository operations, (synchronizing, updating, commiting), but
becomes excessive when looking at multiple file diffs through the internal
diff browser.
It appears that each time I click on a different file in the tree for a
diff, it must reauthenticate to ssh, which in all reality, takes a two or
more seconds longer than the pserver method. While this isn't a
show-stopper, it is a long time to wait when looking a multiple file diffs.
The ssh delay is present for both a passwd/shadow authenticated user as well
as the pam_smb_auth user, so I don't think the delay comes from the remote
auth method.
Is there just something wrong with the ssh setup? Personally, I have always
experienced a slower login with ssh versus telnet.
Thanks for the help.
Cary
- Original Message -
From: Maarten de Boer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 3:53 AM
Subject: Re: Auth using PAM
Cary Coulter wrote:
Is there a patch for 1.11.6 CVS for using PAM on Linux for user
authentication? We're using WSAD/Eclipse and understand the 1.11.6
is as new as we can go for now.
I really think you don't want to do this. It is a lot better (a lot more
secure) to use CVS through ssh. I am not familiar however with
WSAD/Eclipse,
but I suppose you can configure it to use a external remote shell
connection
(:ext:) instead of pserver.
Our main development platform is Windows. I have a Linux machine using
pam_smb_auth to authenticate logins via our NT domain for the Windows
only users. Regular Unix users use the shadow file. All user/group
info is in /etc/passwd and /etc/shadow, only the passwords come from
NT.
Our CVS server is Linux, the password are on a SAMBA server, the clients
use CVS through ssh (mostly using the excellent CVS gui client LinCVS,
also for Windows), the CVS server authenticates the ssh login using the
pam_smb_auth module. (And the shells on the CVS server are very limited
chrooted shells that only allow to execute cvs)
Maarten
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs