"Dave Berger (CVS stuff)" wrote:
> With
>
> o CVS 1.11.1p1
> o Tru64 Unix 4.0F
> o "configure --with-gssapi" (using MIT Krb5 libs)
>
> I can't seem to get the --allow-root global option in inetd.conf
> to be enforced.
>
> Authenticating via Kerb5 and accessing the repos. works great,
> btw. The only trouble is, the client can specify any repos. path
> they want in the "-d cvsroot" string, as long as they have krb
> tickets (sets off my sysadmin warning bells...).
>
> I'm new to the CVS codebase, but it looks like I could get the
> behavior I want by putting a call to root_allow_ok() in server.c:
> gserver_authenticate_connection (). Is this correct (or is there
> a simpler way)?
Sounds like you found the trick, although it implies poor code factoring
between pserver_authenticate_connection
& gserver_authenticate_connection (gs... is called from ps...). Anyway,
I can't test from here, so if you can get it working, please submit the
patch to this list and I'll commit it if it looks good.
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] CollabNet ( http://collab.net )
--
Don't confuse me with the facts, my mind's already made up!
_______________________________________________
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs
