I think I've figured out a general solution to the problem.

When the user uses client CVS, it uses SSH to authenticate to a middle server,
then sends CVS protocol commands to it.
The middle server SSH's over to the CVS server, sets REMOTE_USER (or CVSUSER)
and forwards the CVS protocol commands.
The CVS server acts as is (aside from using CVSUSER).

This solution won't work with the current CVS 'cos there's no way to proxy the
messages from the client to the server.

Noel




Noel L Yap
2000.07.19 17:01

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:  Re: Proposal: have client CVS send remote username to server CVS

How do you guarantee that CVSUSER is set properly (ie can't be spoofed)?

Noel

PS
I chose REMOTE_USER 'cos that's what Encommerce sets.  I haven't figured a way
to spoof Encommerce's REMOTE_USER setting, but, then again, I'm not an expert
hacker.



[EMAIL PROTECTED] on 2000.07.19 16:15:51

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:  Re: Proposal: have client CVS send remote username to server CVS




>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:

NLY> Yes, exactly.  This is what happens now with pserver.  Ideally,
NLY> CVS should use an environment variable REMOTE_USER that's set by
NLY> authentication software (eg SSH).  But since I don't want to risk
NLY> breaking SSH, I don't want to make the change in it.

By the way, cvs from cvs-nserver uses env var CVSUSER as the only way
to determine the remote user name.

Note the choice of name.

--alexm
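
One way to answer the spoofing question for the middle-server design in this thread, as an added example that is not from any of the posters or from CVS itself: the middle server takes the user name from the `authorized_keys` entry of the key that authenticated, never from the client's environment or requested command. The script name `cvs-proxy`, the host `cvs.example.internal` and a back-end that honours `CVSUSER`/`REMOTE_USER` from this hop are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical authorized_keys line on the middle server,
# one per user key, so the name is pinned to the key that authenticated:
#   command="/usr/local/bin/cvs-proxy alice",no-pty,no-port-forwarding ssh-ed25519 <key>
# CVS_BACKEND and the script path are assumptions, not taken from the thread.
CVS_BACKEND="${CVS_BACKEND:-cvs.example.internal}"

# Accept only a conservative account-name shape, so the name can never
# carry shell metacharacters or an extra VAR=value assignment.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or any character outside the set
        [a-z_]*) return 0 ;;            # must start with a letter or underscore
        *) return 1 ;;
    esac
}

# Print the command to run on the back-end. $1 is the name pinned in
# authorized_keys; $2 is what the client asked for (SSH_ORIGINAL_COMMAND).
# CVSUSER/REMOTE_USER from the client's environment are never consulted.
backend_command() {
    valid_user "$1" || { echo "rejected: bad user name" >&2; return 1; }
    [ "$2" = "cvs server" ] || { echo "rejected: only 'cvs server' allowed" >&2; return 1; }
    printf 'env -i PATH=/usr/bin:/bin CVSUSER=%s REMOTE_USER=%s cvs server\n' "$1" "$1"
}

# Entry point when installed as the forced command.
proxy_main() {
    cmd=$(backend_command "$1" "${SSH_ORIGINAL_COMMAND:-}") || exit 1
    exec ssh -T -o BatchMode=yes "$CVS_BACKEND" "$cmd"
}

if [ "${0##*/}" = "cvs-proxy" ]; then
    proxy_main "$@"
fi
```

The back-end has to accept connections only from the middle server's key; if clients can reach it directly, they can set the variable themselves and the guarantee is gone.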