Yes, exactly. This is what happens now with pserver. Ideally, CVS should use
an environment variable REMOTE_USER that's set by authentication software (eg
SSH). But since I don't want to risk breaking SSH, I don't want to make the
change in it.
Noel
[EMAIL PROTECTED] on 2000.06.21 11:43:01
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Proposal: have client CVS send remote username to server CVS
So, if I understand you correctly, you're proposing to map a single user on the
server (connecting via SSH, RSH, or whatever) to many names within CVS, based on
the username seen by the client?
Derek
--
Derek Price CVS Solutions Architect
mailto:[EMAIL PROTECTED] OpenAvenue ( http://OpenAvenue.com )
--
Once at a social gathering, Gladstone said to Disraeli, "I predict,
Sir, that you will die either by hanging or of some vile disease".
Disraeli replied, "That all depends, sir, upon whether I embrace your
principles or your mistress."
Noel L Yap wrote:
> I was able to find the spot after all. To summarize, the patch will have the
> CVS server record the client username rather than the server username within
the
> CVS logs. I have not added a new CVSROOT/config option. When using pserver,
> there'll probably be just a little bit of extra processing, but there should
be
> no noticable difference (including in behaviour).
>
> I'll (try to) post a bunch of patches to SourceForge RCVS next week (yeah,
yeah,
> I know I've been saying this for the last couple of weeks; but /this/ time I'm
> /really/ gonna do it ;-)
>
> Noel
>
> [EMAIL PROTECTED] on 06/16/2000 03:31:07 PM
>
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Proposal: have client CVS send remote username to server CVS
>
> OK, I've decided to make such a patch. I'm not sure how to go about doing it,
> though. I can't find where in the code the client can send initial
information
> (ie remote username) over to the server. Can anyone give me a pointer?
>
> Thanks,
> Noel
>
> [EMAIL PROTECTED] on 06/11/2000 09:55:55 AM
>
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED] (bcc: Noel L Yap)
> Subject: Re: Proposal: have client CVS send remote username to server CVS
>
> [EMAIL PROTECTED] on 2000.06.10 19:23:23
> >Pserver authentication is completely adequate :) It just runs over the
> >insecure channel and has unclean mixage of various subsystems in its
> >current, non-nserver form.
>
> No, it's not, it's extremely prone to replay attacks and stolen .cvspass
files.
> Furthermore, the encryption of the .cvspass file is reversible, meaning that,
> given a .cvspass file, /anyone/ can figure out the plaintext password.
>
> More than that, any code dealing with security _must_ be audited to ensure
that
> it is secure. I don't think that's been done to any of the CVS code; I don't
> think it should be necessary.
>
> Besides, nserver doesn't address the concerns of those who want to use
> CVS_RSH=ssh.
>
> Noel
>
> This communication is for informational purposes only. It is not intended as
> an offer or solicitation for the purchase or sale of any financial instrument
> or as an official confirmation of any transaction. All market prices, data
> and other information are not warranted as to completeness or accuracy and
> are subject to change without notice. Any comments or statements made herein
> do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
> subsidiaries and affiliates.
>
> This communication is for informational purposes only. It is not intended as
> an offer or solicitation for the purchase or sale of any financial instrument
> or as an official confirmation of any transaction. All market prices, data
> and other information are not warranted as to completeness or accuracy and
> are subject to change without notice. Any comments or statements made herein
> do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
> subsidiaries and affiliates.
>
> This communication is for informational purposes only. It is not intended as
> an offer or solicitation for the purchase or sale of any financial instrument
> or as an official confirmation of any transaction. All market prices, data
> and other information are not warranted as to completeness or accuracy and
> are subject to change without notice. Any comments or statements made herein
> do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
> subsidiaries and affiliates.
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
