Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hi to all. This mail arrives late, since I'm using Lotus Notes at work,
and I don't have a clue about how to confuigure that beast to send
clear-text mails instead of HTML bulk, and my mails got rejected...
I have to disagree partly with Bo, sorry ;-).
I can password-protect directories by using apache directives:
cat /etc/apache2/sites-available/default
<Location "/viewcvs/CVSROOT">
AuthUserFile /etc/apache2/conf.d/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user JDE
</Location>
This works like a charm. I'm sure I can do this with .htaccess files
too, for any directory I like. So it is perfectly possible to do this
with a script, updating the apache configuration file directly or
creating .htaccess files per subdirectory. I guess the per-subdir
option is the best, since it requires just parsing of the cvsnt acl in
that subdir and creating the proper .htaccess file.
As mentioned before, this only works properly if apache authenticates
against /etc/shadow (using a utility program runing with SUID root) and
not like I implemented at present (with .htpasswd).
Re rpm: indeed, ubuntu uses debs, and i just have to apt-get install
cvsnt to get the whole thing to work.
Am I wrong thinking this is an interesting extension to cvsnt, if we
would set up such an integrated system, with viewvc respecting acls? Or
am I the only one interested in such a thing? Or was I wrong n
selecting cvs, and is svn the way to go? Why did viewvc drop cvs
development?
Jürgen Depicker
On Wed, 7 Mar 2007 21:53:06 +0100, jurgen.depicker at let.be wrote:
>Dear all,
>Is there anyone out there who knows how to solve this problem:
>I set up security on my ubuntu cvs server using cvsnt's acls. But of
>course (or at least: of course to me...) viewvc (or viewcvs) doesn't care
>about my ACLs. Anyone any ideas about how to solve this?
>I read something about an apache module authenticating against
>/etc/shadow. But then I would need to set up everywhere .htaccess files
>based on the fileatr.xml files of cvsnt. So it must be possible to do
>this with a script ruinning via a cron job. But it seems like a big
>headache. Maybe one of you knows about a more elegant solution?
>Thanks!!
>Jürgen.
ViewCVS (or as it is now named ViewVC) works by reading the RCS
repository files directly on the server. It uses the RCS functions in
CVSNT to do so in order to parse the new stuff that CVSNT has added to
the RCS files and which the GNU RCS tools are unable to parse.
BUT, when doing so it is not acting as any particular user and it does
not go through the CVSNT service with a particular protocol that would
authenticate a user to CVSNT. Therfore the built-in ACL system in
CVSNT is totally bypassed.
I don't know if the ViewVC project works towards fixing this now, but
I doubt it very much since they switched their focus towards
SubVersion about 1.5 years ago.
That is when I stopped following their activities. I am now using
ViewCVS from mid-2005, which works as described above and is OK for
our needs.
BTW is there any special gotchas to install CVSNT into Ubuntu? If I
remember correctly it does not respect rpm packages....
HTH
/Bo
(Bo Berglund, developer in Sweden)
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs