[ On Wednesday, August 9, 2000 at 09:02:09 (-0400), Noel L Yap wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS
>chroot)
>
> From (the little of) what I understand of nserver, it separates out the
> authentication from CVS. This has a couple of consequences:
> 1. pserver can be easily ripped out (if it hasn't already).
> 2. pluggable (ie real) authentication is possible.
Unfortunately the current 'cvs-nserver' implementation still seems to
offer the opportunity to configure authorisation that's orthogonal to
the system. I.e. it does not appear to force the user to use only
system accounts, as it should.
In any case it's totally redundant and pointless because:
> No authentication should exist within CVS. Instead, CVS should be open to
> pluggable authentication.
CVS *IS* already wide open to "pluggable" authentication! Just set the
(perhaps badly named) CVS_RSH environment variable to specify the
authentication and connection tool of your choice (eg. ssh) and then use
the ":ext:" access method in your CVSROOT specification! There's
nothing more to change or implement -- it's been this way almost all
along!
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
