"Derek R. Price" <[EMAIL PROTECTED]> writes:
> Yeah, it does. I want to get Kerberos set up here so I can do some testing
> before I check things in, but it should go in. It'll probably be a few weeks
> since I'm going to be on vacation next week.
ok. Have a nice vacation.
> A few more questions for my personal edification, though:
>
> Is the "cvs" portion of the "cvs/*@EXAMPLE.COM" that the server verifies all that
> prevents the client from obtaining a ticket for, say,
> "[EMAIL PROTECTED]" and using that to accerss CVS?
Yes, if that check wasn't there, any key that was in /etc/krb5.keytab
would be possible to use. And it's actually
[EMAIL PROTECTED] for telnet and other services.
> Is it possible for the Kerberos server to grant a ticket to the CVS client
> (assumedly through the CVS server) for anything other than
> "cvs/<somehost>@EXAMPLE.COM"? In what cases?
Yes, the Kerberos server gives you tickets for anything you like. You
would of course have to hack the client to do that, and any ticket
that the server can verify against the locally stored keys in
/etc/krb5.keytab should authenticate the user. The reason for having
that check is that people might want to add attributes to cvs/
principals.
/assar
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
