Julian Opificius wrote: > <SNIP> > Thanks for this input! > > The problem is that each of these articles achieve their intended > results by restricting commands to "cvs". I don't want to do that: my > CVS users are my engineering department members with legitimate logins. > It's only access to the CVS repositories that I have to control. PServer > through ssh does exactly what I want in that regard. >
Big question: What do you think using :pserver: at this point, gain you and your users over just :ext: over ssh? Because they already have (and will continue to have) valid system shell login, from here it only looks like more admin trouble to setup and maintain pserver, plus it probably reduces the authentication or authorization you had from the ssh and system level, especially when a new pserver hole comes out. > I have solved most of my admin problem by running admin users as their > themselves using $CVSROOT/CVSROOT/passwd entries like this: > "username:password" > rather than as the global cvs user: > "username:password:cvs" <SNIP> Why use the $CVSROOT/CVSROOT/passwd at all, just use the system authentication fallback, it SHOULD make your life easier because only the system level auth files need scrubbed when someone leaves not the system level AND all the cvs repos. -- Todd Denniston Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the Power of Technology for the Warfighter _______________________________________________ Info-cvs mailing list Info-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/info-cvs