Re: a gserver patch

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: a gserver patch

From:	Ian Lance Taylor
Subject:	Re: a gserver patch
Date:	02 May 2001 18:36:47 -0700
User-agent:	Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Derek R. Price" <dprice@collab.net> writes:

> Shouldn't you have been able to use GSSAPI to rewrite the client and
> server both in such a way that they didn't care what sort of
> authentication mechanism was hiding behind the GSSAPI
> (Kerberos/GSI/whatever)?  Why didn't you?

CVS has a model in which the Unix user ID controls access to the
repository, and is used to indicate who made what change.

Given that, you need a mapping from the GSSAPI name to the Unix user
ID.  GSSAPI will authenticate that the incoming connection has the
right to use a given GSSAPI name.  But GSSAPI does not provide a
mapping between the GSSAPI name and the Unix user ID.

It would be possible to change CVS to use a different authentication
mechanism.  But it's not obviously straightforward.

Ian

[Prev in Thread]

Current Thread

[Next in Thread]

a gserver patch, Mei-Hui Su, 2001/05/01
- Re: a gserver patch, Derek R. Price, 2001/05/02
  - Re: a gserver patch, Ian Lance Taylor <=
- Re: a gserver patch, Mei-Hui Su, 2001/05/02

Prev by Date: Re: Can't build CVS 1.11.1 on Solaris
Next by Date: Re: a gserver patch
Previous by thread: Re: a gserver patch
Next by thread: Re: a gserver patch
Index(es):
- Date
- Thread