"Greg A. Woods" <[EMAIL PROTECTED]> writes:

> [ On Monday, July 5, 2004 at 12:03:57 (+0200), Yves Martin wrote: ]
>> Subject: Authentication without clear password on the network
>>
>> I'm currently using a CVS server with PAM authentication. So that my
>> Windows users simply use their domain user/password to authenticate
>> with pserver client mode thanks to the SMB PAM module.
>
> Why not use SSH? It would be much more secure.

>> [ Additionally, users are anonymized to a single real 'cvs' user to
>> avoid user creation on Linux ]
>
> Don't do that. The security model used by Unix-like systems (GNU/Linux
> obviously included) requires that every human user have a unique system
> identity.

My constraints are oriented to reduce administrative tasks:
- no system user on the UNIX server (there is no need for CVS features indeed - only the "log name" should be kept for the author field in RCS files)
- authentication against the Windows domain PDC (to avoid managing another password or home directory ...)

As far as I'm using the PAM SMB only for the CVS authentication, I do not break the UNIX security. The virtual 'cvs' user only accesses CVS files. In fact there is no human user connected to the machine but only a client/server CVS service.

Current status:
- The CVS server is used only in the enterprise network. So there is no need to be so secure, but it is better that passwords are not sent as clear text (pserver currently!).
- The user access is :pserver:[EMAIL PROTECTED]:/cvsroot. And the CVS pserver authenticates 'user' with PAM, then switches the process to the 'cvs' virtual user (hard-coded in sources!)
- commits are controlled with CVSROOT/avail and the well-known set of Perl scripts (commitcheck, cvs_acls.pl) installed in commitinfo. So there is only one file to manage with CVS currently: the avail file.

My objections about SSH:
- SSH needs a system user per human user and it is too much job to maintain.
- SSH needs to generate certificates and install public keys. It is the only way to use SSH with WinCVS - another "too much job" for users.

As you can see, I clearly separate authentication (SMB PAM) and authorization (commitinfo). It works well except to control update access (checkout, update, export) and maybe tag commands.

A way to correct that: create a system group per project (aka module) and add programmatically (after authentication) the real user's groups to the 'cvs' system user to control update access at group level. But that is another story. My issue now concerns clear text passwords on the network.

-- 
Yves Martin

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/info-cvs
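The avail-based commit control described in the message and the per-module system group idea sketched at its end, modelled together as an added illustration that is not part of the thread, of CVS or of cvs_acls.pl; the sample avail file, the sample users and the "cvs-<module>" group naming convention are constructed assumptions:

```python
"""Toy model of the thread's access control: commit rules from a CVSROOT/avail
style file (cvs_acls.pl syntax action|users|modules, empty field = "any", last
matching line wins) plus a per-module system group for read access."""
import posixpath
# Constructed avail file: deny everyone first, then grant selectively.
SAMPLE_AVAIL = """\
unavail||
avail|alice,bob|webapp
avail|carol|
unavail|bob|webapp/secret
"""
# Constructed group membership as the PDC might report it; the naming
# convention "cvs-<module>" for per-module read access is an assumption.
SAMPLE_GROUPS = {
    "alice": {"Domain Users", "cvs-webapp"},
    "bob": {"Domain Users", "cvs-webapp"},
    "carol": {"Domain Users", "cvs-webapp", "cvs-docs"},
}

def parse_avail(text):
    """Return a list of (allow, users, modules); None means 'any'."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, users, modules = (line.split("|") + ["", ""])[:3]
        rules.append((action == "avail",
                      set(users.split(",")) if users else None,
                      modules.split(",") if modules else None))
    return rules

def _under(path, module):
    """True if the repository path is the module or lies inside it."""
    path, module = posixpath.normpath(path), posixpath.normpath(module)
    return path == module or path.startswith(module + "/")

def can_commit(rules, user, path):
    """Walk the rules in order; the last matching line decides. The model
    defaults to allow, hence the explicit deny-all line in the sample."""
    decision = True
    for allow, users, modules in rules:
        if users is not None and user not in users:
            continue
        if modules is not None and not any(_under(path, m) for m in modules):
            continue
        decision = allow
    return decision

def can_read(user, path, groups=SAMPLE_GROUPS):
    """Checkout/update/export access via the per-module group idea."""
    top = posixpath.normpath(path).split("/")[0]
    return "cvs-" + top in groups.get(user, set())
```

Module matching is by path component, so a rule for `webapp` does not cover a sibling module named `webapp2`.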
