Noel L Yap wrote:
> The point is that, when using pserver, CVS remembers you as the name within the
> passwd file (which usually matches the client username) even though it may run
> as some other user. Under client/server CVS, it'll remember you as the server
> username. This proposal and patch changes the behaviour of client/server CVS
> such that it acts just like pserver (without the pserver authentication --
> authentication is left to .rhosts, SSH, or whatever).
Have you considered using SSH, port forwarding, and pserver? I think you could
wrap CVS in something like the following:
#!/bin/sh
ssh -L30100:localhost:cvspserver remotehost.net
CVSPORT=30100 cvs -d:pserver:$USER@localhost:/cvsroot "$@"
I've played enough with ssh to know this basic syntax is correct. You might have
to sub a numeric port for cvspserver. If you really wanted, I suppose the script
could parse the existing CVSROOT & CVSPORT variables for host, port, and user
(remotehost.net, cvspserver, and user isn't provided in the example - I believe
the switch is '-l' like with RSH). Then you could rely on CVS's current pserver
behavior to log the correct user name.
Note this is actually a double authentication scheme, but the SSH authentication
should only have to be set up once for each user and could even be the same for
everybody like you specified. If I understand you correctly, then if you were to
set up your own CVS repository on the server machine (a one time hit on the
sysadmin to edit inetd or put you in the group which has write privledges on the
CVS passwd file), you would not need a sysadmin to create a system login for the
new user and you could edit the CVS passwd file yourself.
In case you still think this solution isn't sufficient, I came up with a second
objection to your authentication scheme. Without authentication on the server
side, nothing is restricting the userids to uniqueness. Two or more of my users
(say [EMAIL PROTECTED] - a dialin account - and [EMAIL PROTECTED] - actually Jane
Schmoe, Joe Schmoe had to use his middle initial for his work account since Jane
was hired first) could look like the same user depending on where they're
connecting from. This doesn't actually require a home and work account. I've
worked for organizations where users had different user IDs on the NT and UNIX
domains, not to mention the test machines where developers would log in as root
and create accounts with any name they like. Even if a developer weren't trying
to use the wrong name in such a case, it might be easier to do so by accident.
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] OpenAvenue ( http://OpenAvenue.com )
--
When the only tool you own is a hammer, every problem begins to resemble a
nail.
- Abraham Maslow
