[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new authentication mode
|
From: |
Markus Grabner |
|
Subject: |
Re: new authentication mode |
|
Date: |
Fri, 09 Aug 2002 00:38:15 +0200 |
Derek Robert Price schrieb:
>
> Markus Grabner wrote:
>
> >Am Dienstag, 30. Juli 2002 00:12 schrieben Sie:
> >
> >
> >>> [...] Our modified CVS
> >>>server checks for the system password if "+" is given in CVSROOT/passwd
> >>>instead of the encrypted password
> >>>
> >>>
> >>Vielleicht uebersehe ich ja was, aber:
> >>
> >>Fuer "echte" Benutzer sind doch gar keine CVSROOT/passwd-Eintraege noetig.
> >>Die werden ganz normal ueber ihr System-Passwort authentifiziert.
> >>(Es sei denn, CVSROOT/config sagt: SystemAuth=No, das ist aber
> >>eher ungewoehnlich.)
> >>
> >>
> >The question was what this is good for since "real" users are authenticated
> >by
> >their system password and don't need a CVSROOT/passwd entry.
> >
> >That's right, but if more persons want to use the same archive and some
> >access
> >restrictions should apply on a per-propject basis, the recommended way in CVS
> >to do so is to map the CVS user ids of all project membes to a unique system
> >user. Currently this also requires to specify a password for each CVS user
> >(or omit it to allow the user to access the repository without
> >authentication). The new code makes it possible to map user ids (e.g., for
> >project management purposes), but still to use system authentication. This
> >avoids having to manually update the CVSROOT/passwd file each time a user
> >changes its password.
> >We faced some problems organizing several CVS projects at our site (different
> >student classes, research projects etc.). Our first attempt was to use Unix'
> >standard user/group management, but this failed since CVS doesn't care about
> >group ids (unlike, e.g., Samba, which does a perfect job on this). Indeed, I
> >
>
> I'm not quite sure what you're talking about. CVS handles UNIX group
> IDs just fine, though on Linux systems you have to set the directory
> setgid bit for the repository. `man chmod' for more, but basically,
> `chmod g+s', and then use UNIX groups as you'd probably expect. From
> <http://www.cvshome.org/docs/manual/cvs_2.html#SEC13>:
I tried that, but since many users in our group have restrictive access
right ("umask 077", which also seems to be the default setting of Samba
which many people here are using) it is still impossible to access files
they check in under their own user id. Therefore I tried to extend the
CVS user mapping method to permit system password checking and user
mapping at the same time. Another (maybe even better) solution would be
to tell the CVS server to override the user's umask by a set of access
rights specified by the CVS administrator.
Regards,
Markus
BTW: How do you cope with the huge amount of spam being delivered via
the bug-cvs mailing list? It's really annoying...
--
Markus Grabner - Computer Graphics and Vision
Graz University of Technology, Inffeldgasse 16/II, 8010 Graz, Austria
Phone: +43/316/873-5041, Fax: +43/316/873-5050
Email: grabner@icg.tu-graz.ac.at, WWW:
http://www.icg.tu-graz.ac.at/~grabner
- Re: new authentication mode,
Markus Grabner <=