Re: Auth using PAM

2003-12-02 Thread Cary Coulter 
I have tried ssh.  It does work, will auth throuch pam_smb_auth using NT
passwords, not Unix ones.

However,  I do experience a significant delay when invoking CVS for ssh
authorization (shows on the WSAD dialog box).  The delay isn't too bad for
normal repository operations, (synchronizing, updating, commiting), but
becomes excessive when looking at multiple file diffs through the internal
diff browser.

It appears that each time I click on a different file in the tree for a
diff, it must reauthenticate to ssh, which in all reality, takes a two or
more seconds longer than the pserver method.  While this isn't a
show-stopper, it is a long time to wait when looking a multiple file diffs.

The ssh delay is present for both a passwd/shadow authenticated user as well
as the pam_smb_auth user, so I don't think the delay comes from the remote
auth method.

Is there just something wrong with the ssh setup?  Personally, I have always
experienced a slower login with ssh versus telnet.

Thanks for the help.
Cary




- Original Message - 
From: Maarten de Boer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 3:53 AM
Subject: Re: Auth using PAM


 Cary Coulter wrote:
  Is there a patch for 1.11.6 CVS for using PAM on Linux for user
  authentication?   We're using WSAD/Eclipse and understand the 1.11.6
  is as new as we can go for now.

 I really think you don't want to do this. It is a lot better (a lot more
 secure) to use CVS through ssh. I am not familiar however with
WSAD/Eclipse,
 but I suppose you can configure it to use a external remote shell
connection
 (:ext:) instead of pserver.

  Our main development platform is Windows. I have a Linux machine using
  pam_smb_auth to authenticate logins via our NT domain for the Windows
  only users.  Regular Unix users use the shadow file.  All user/group
  info is in /etc/passwd and /etc/shadow, only the passwords come from
  NT.

 Our CVS server is Linux, the password are on a SAMBA server, the clients
 use CVS through ssh (mostly using the excellent CVS gui client LinCVS,
 also for Windows), the CVS server authenticates the ssh login using the
 pam_smb_auth module. (And the shells on the CVS server are very limited
 chrooted shells that only allow to execute cvs)

 Maarten




___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Re: Auth using PAM

2003-12-02 Thread Cary Coulter 
this is a 1Ghz P3 w/512mb.  No SMB being used for local passwd auth.

Can't believe this is TOO slow.


- Original Message - 
From: Patton, Matthew E., CTR, OSD-PAE [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 10:05 AM
Subject: RE: Auth using PAM


 Classification: UNCLASSIFIED

  -Original Message-
  From: Cary Coulter [mailto:[EMAIL PROTECTED]

  Is there just something wrong with the ssh setup?
  Personally, I have always
  experienced a slower login with ssh versus telnet.

 you have a slow machine. Telnet does ZERO encryption - that's why it's
 fast!! For every SSH session the two ends have to generate session keys at
 the very least, plus there is the overhead of key exchange if you use key
 based auth etc. Then if you do SMB on top of that, then the SMB layer
 (curtesy of PAM) has to generate it's own packets and network traffic to
 auth you.


 ___
 Info-cvs mailing list
 [EMAIL PROTECTED]
 http://mail.gnu.org/mailman/listinfo/info-cvs



___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Auth using PAM

2003-12-01 Thread Cary Coulter 



Is there a patch for 1.11.6 CVS for using PAM on 
Linux for user authentication? We're using WSAD/Eclipse and 
understand the 1.11.6 is as new as we can go for now.

Our main development platform is Windows. I have a 
Linux machine using pam_smb_auth to authenticate logins via our NT domain for 
the "Windows only" users. Regular Unix users use the shadow file. 
All user/group info is in /etc/passwd and /etc/shadow, only the passwords come 
from NT.

TIA
Cary

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

CVSROOT/cvsignore

2002-12-19 Thread Cary Coulter 



I can't get the $CVSROOT/CVSROOT/cvsignore file to 
work correctly (what I think it should do :)). I put a single line entry 
with

vssver.scc

on it to keep these files from importing (we're 
migrating some projects from Visual SourceSafe), but they get 
importedand/or recognized as unknown files anyway. I really didn't 
want to have to include .cvsignore files in multiple 
subdirectories.

Can you help me understand what I'm doing 
wrong?

Thx
CaryCoulter
___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs