On Mon, May 15, 2000 at 05:57:50PM +0530, Kedar Patankar typed:
>
> Does anyone here know how to configure a "cvs pserver" to work
>with tcp-wrappers? I managed to get cvs pserver working w/o tcp-wrappers,
Not tried it yet - but this link may help -
http://www.acm.uiuc.edu/sigsoft/workshops/cvs/
Even the ACM link above calls it "paranoid" (but it does make sense) :)
>but am scared to use it - too insecure. It just doesn't work when I try
>using it with tcp-wrappers..
This is what you have probably done (cut-paste from a few howtos I'd
downloaded some time back) -
1. if there is not already one around, create a CVS repository (naturally)
:)
Add this to /etc/services:
cvs 2401/tcp # remote cvs server
Add this to /etc/inetd.conf:
cvs stream tcp nowait root /path/to/cvs cvs pserver
Restart inetd.
Or just create a passwd file in the CVSROOT that contains
name:cryptedpasswd pairs, one per line. This allows users to avoid using
their normal login passwords with CVS.
The CVS server needs to run as root in order to change to the appropriate
UID after authentication. The server accepts a connection, checks the
authentication, and either exits or changes the UID and continues.
Change your CVSROOT to something like:
:pserver:[EMAIL PROTECTED]:/path/to/cvsroot
Before you can issues any CVS commands, you must:
$ cvs login
and enter your password. CVS stores your crypt()'d password in .cvspass in
your home directory for use in future connections. The paranoid may wish
to delete this between sessions. Once you have logged in, you may issue
cvs commands just the same as you would with a local repository.
--
Suresh Ramasubramanian | sureshr at staff.juno.com
Anything worth doing is worth overdoing
-----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
