[cvsnt] repository administrators?
wuyongwei at gmail.com
Sat Aug 19 14:40:23 BST 2006
On 8/19/06, Gabriel Genellina <gagsl-cvsnt at yahoo.com.ar> wrote:
> SSPI = Security Service Provider Interface = Microsoft's version of
> the Generic Security Service API (GSSAPI), RFC 1508/1509.
> It allows authenticating a user, and acquiring credentials for it.
> Using SSPI, CVSNT delegates authentication to the operating system;
> there is no need to manage users or passwords inside the program.
> It's the recommended protocol on Windows and "just works" - no tweaks
> and no special configuration must be done, what additional
> documentation do you need?
First, the format of CVSROOT is not formally described (at least no
dedicated section for it that can be easily found). Second, it works
when I set CVSROOT to
but not when it is set to
(I have `127.0.0.1 cvshome' in HOSTS.)
Maybe it is all good behaviour. But it is confusing for a person that
just wants to use CVS. Are users expected to look up in other
references in order to use CVSNT securely?
> On the other hand, pserver is really insecure as the user password
> is transmitted in (almost) plain text.
The above shows that the server name could be a problem for remote
access with SSPI. For local access, pserver is secure too.
> > > To make a user an admin of CVS you have to add him to the
> > > CVSROOT/admin file (just list his login username on a line in this
> > > file).
> > > The file does not exist by default so you have to create it. And it
> > > should NOT be added to the CVSROOT/checkoutlist file either!
> >I appreciate your help very much. However, it is a bug, either in
> >documentation or in the software. In the CVSNT Manual accompanied with
> >my CVSNT installation 2.5.03.2382, admin is not listed as an
> >administrative file, and it is written:
> >`On unix, if there is a group named cvsadmin, only members of that
> >group can run cvs admin. This group should exist on the server, or any
> >system running the non-client/server cvsnt. To disallow cvs admin for
> >all users, create a group with no users in it. On NT, server
> >administrators are able to use the admin command.'
> In the same manual, read Chapter 3: Security
> <http://www.cvsnt.org/manual/html/Security.html>, especially section
> Repository administrators
Thanks, you are right. Unfortunately this piece of information cannot
be easily found, and there are conflicting (incomplete) descriptions
in the section that describes the cvs admin commands.
You are right that passwd is not listed either as an administrative
file. However, there is an entry `passwd (admin file)' in the index of
the Manual CHM file, but no entry like `admin (admin file)'.