Re: Questions on pserver authentication
Todd Foster wrote: I am trying to determine how pserver authentication works. I understand when you do a cvs login that it creates ~/.cvspass file. Therefore, I'm guessing that whenever you are running cvs commands cvs blindly combines the USER from whichever method wins (either using the pserver info found in the local working copy or in the $CVSROOT or in the -d) and uses the password from the ~/.cvspass of whoever is running the commands. Is this correct? No, there is nothing "blind" about this. CVS determines the user ID from the CVSROOT information. It searches for the CVSROOT information in this order: 1) the global -d option 2) the file ./CVS/Root 3) the CVSROOT environment variable CVS then parses the CVSROOT information, and if the :pserver: method is specified, it looks up the CVSROOT in $(HOME)/.cvspass (note that it is not necessarily ~/.cvspass - $HOME is frequently set to ~). So, if user1 goes into a cvs directory created by user2 and tries to do cvs commands in there, it uses the username found in the local working copy (user2) and combines that with ~user1/.cvspass and authentication fails. One way around that is to override the user explicitly to user1 with the cvs -d option. However, this is a very annoying way to get around the problem. You could delete the file CVS/Root, and make sure each user has the CVSROOT environment variable is set. If you're using *NIX, you could create an alias: alias cvs=cvs -d :pserver:[EMAIL PROTECTED]:/path on a per-user basis. Or you could wrap CVS in a script: # cvs-wrapper.sh cvs -d :pserver:$(USER)@server:/path $@ (or whatever the syntax is for 'all command line arguments - I'm not very experienced at shell scripts) and get everyone to use cvs-wrapper.sh instead of cvs. What I'm really wondering, is what does the pserver authentication do if the username is omitted from the pserver CVSROOT, then what happens? I haven't tried it, but you'll probably get an error, since the CVSROOT format for :pserver: requires a user name. -- Jim ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: Questions on pserver authentication
Todd Foster writes: > > I am trying to determine how pserver authentication works. I understand > when you do a cvs login that it creates ~/.cvspass file. Therefore, I'm > guessing that whenever you are running cvs commands cvs blindly combines the > USER from whichever method wins (either using the pserver info found in the > local working copy or in the $CVSROOT or in the -d) and uses the password > from the ~/.cvspass of whoever is running the commands. Is this correct? Almost. The .cvspass file records the entire CVSROOT specification (not just the user name) and the corresponding password. So, when you run a cvs command, it looks up the actual CVSROOT (whether from the working directory, the environment, or the command line) in .cvspass and uses the corresponding password (or an empty string if no corresponding password exists). > So, if user1 goes into a cvs directory created by user2 and tries to do cvs > commands in there, it uses the username found in the local working copy > (user2) and combines that with ~user1/.cvspass and authentication fails. Not necessarily, user1 could have logged in using user2's CVSROOT setting (or copied the entry from user2's .cvspass file). But it's a very bad idea to share working directories -- the whole point of CVS is to allow concurrent changes in a controlled fashion and you can very well be making concurrent changes if you're sharing the working directory. > What I'm really wondering, is what does the pserver authentication do if the > username is omitted from the pserver CVSROOT, then what happens? Since it > can't determine username from the CVSROOT, does it use the USER who is > running the command? Yes. > In that scenario, if user1 goes into user2's directory and does a cvs > command, since it can't find the username in the pserver information, would > it combine user1 with ~user1/.cvspass and work just fine? It depends on whether the CVSROOT that's recorded in that working directory (in CVS/Root) has a user name in it or not. -Larry Jones Any game without push-ups, hits, burns or noogies is a sissy game. -- Calvin ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs
Re: Questions on pserver authentication
Thanks Larry, that sounds like what we need to do for our environment. I just want to make sure I understand what the CVSROOT would look like without the user name. Old: :pserver:[EMAIL PROTECTED]:/proj/cvsroot New: :pserver:/proj/cvsroot OR :pserver::/peroj/cvsroot Do you need to have extra colon's to delineate the boundaries with a blank user name or is CVS smart enough to realize there are only two parameters and use the pserver and the directory? We don't need to keep the @blah.com in there for any reason, do we? Todd From: [EMAIL PROTECTED] (Larry Jones) To: [EMAIL PROTECTED] (Todd Foster) CC: info-cvs@gnu.org, [EMAIL PROTECTED] Subject: Re: Questions on pserver authentication Date: Fri, 13 May 2005 17:20:44 -0400 (EDT) Todd Foster writes: > > I am trying to determine how pserver authentication works. I understand > when you do a cvs login that it creates ~/.cvspass file. Therefore, I'm > guessing that whenever you are running cvs commands cvs blindly combines the > USER from whichever method wins (either using the pserver info found in the > local working copy or in the $CVSROOT or in the -d) and uses the password > from the ~/.cvspass of whoever is running the commands. Is this correct? Almost. The .cvspass file records the entire CVSROOT specification (not just the user name) and the corresponding password. So, when you run a cvs command, it looks up the actual CVSROOT (whether from the working directory, the environment, or the command line) in .cvspass and uses the corresponding password (or an empty string if no corresponding password exists). > So, if user1 goes into a cvs directory created by user2 and tries to do cvs > commands in there, it uses the username found in the local working copy > (user2) and combines that with ~user1/.cvspass and authentication fails. Not necessarily, user1 could have logged in using user2's CVSROOT setting (or copied the entry from user2's .cvspass file). But it's a very bad idea to share working directories -- the whole point of CVS is to allow concurrent changes in a controlled fashion and you can very well be making concurrent changes if you're sharing the working directory. > What I'm really wondering, is what does the pserver authentication do if the > username is omitted from the pserver CVSROOT, then what happens? Since it > can't determine username from the CVSROOT, does it use the USER who is > running the command? Yes. > In that scenario, if user1 goes into user2's directory and does a cvs > command, since it can't find the username in the pserver information, would > it combine user1 with ~user1/.cvspass and work just fine? It depends on whether the CVSROOT that's recorded in that working directory (in CVS/Root) has a user name in it or not. -Larry Jones Any game without push-ups, hits, burns or noogies is a sissy game. -- Calvin ___ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs