bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Socks support in CVS]

From: Nicolas Catania
Subject: Re: [Fwd: Socks support in CVS]
Date: Mon, 16 Jun 2003 11:36:28 -0700 
Folks,

On the socks version:
====================
True that v5 superseeded v4. Still many companies are still using
v4. V4 does not precludes v5. Typically environemnt variables and
config files are used to switch between the 2.

On the implementation:
======================
There are no free implementation for windows that is really convenient
(free unlimited licence). Linux and other UN*X system use a runsocks
program that intercept calls using dynamic library loading order.

On the socks v4 non-standard:
============================
Actually socks v4 became a de-facto standard. After its success, NEC
wanted to make money out of it and published socks v5 with some added
security. The problem is that lazy firewall administrator did not buy
it and most of the time sticked with v4. The authorization management
was something that they were not prepared to deal with.

I think that support for socks v4 or v5 would give a greater
flexibility to the cvs client. While SSH is still recommened, I don't
see why we should prevent people to use socks if they wish to (e.g. to
checkout open source repositories).

Bottom line is that I have a wroking socks v4 extension to cvs on my
harddrive. I could contribute it. If you want it let me know and I'll
write the documentation for it as well and maybe will write V5 support
as well. If you do not want it, well... I'll keep it.

Thanks

Niko

PS: You can enable/disable my code using --enble-socks at configuration time.
 
Mark D. Baushke writes:
 > Hi Folks,
 > 
 > It has been a long time since I played with SOCKS myself, but I was
 > under the impression that folks were moving to SOCKS V5 rather than
 > the weaker (from a security point of view) SOCKS V4 implementation(s).
 > 
 > SOCKS V4 does not support authentication while SOCKS V5 supposedly
 > supports a variety of authentication methods.
 > 
 > There appear to be multiple implementatons of SOCKS V4/V5 out there.
 > ftp://ftp.nec.com/pub/socks (SOCKS V4)
 > http://www.socks.nec.com/ (NEC's SOCKS V5)
 > 
 > The SOCKS V4 protocol does not have an official RFC. There are two
 > documents describing Version 4:
 > 
 >     * http://www.socks.nec.com/socks4.protocol (SOCKS V4 protocol)
 > 
 >     * http://www.socks.nec.com/socks4a.protocol (extension to SOCKS V4
 >       protocol)
 > 
 > The SOCKS V5 protocol has three related RFCs:
 > 
 >     * RFC1928 - Describes SOCKS Version 5 protocol, also known as
 >       Authenticated Firewall Traversal (AFT).
 > 
 >     * RFC1929 - Describes Username/Password authentication for SOCKS V5.
 > 
 >     * RFC1961 - Describes GSS-API authentication for SOCKS V5
 > 
 > My question would be why adding a non-standard protocol (SOCKS V4) to
 > CVS is the right thing to do -- instead of it being a standards-based
 > (SOCKS V5) protocol?
 > 
 > All that said, I would much rather see folks using external programs
 > like ssh as those folks that really do understand security and firewalls
 > rather than try to accret on older security models into cvs ascvs itself
 > is not a very secure framework.
 > 
 >      Thanks,
 >      -- Mark
 > 
 > Derek Robert Price <derek@ximbiot.com> writes:
 > 
 > >   Anyone else have an opinion on or want to handle this?  I haven't
 > > dealt with SOCKS in 6 years and my knowledge was pretty peripheral
 > > back then.
 > > 
 > > -------- Original Message --------
 > > From: - Fri Jun 13 18:35:05 2003
 > > Date: Fri, 13 Jun 2003 15:27:25 -0700
 > > From: Nicolas Catania <nicolas.catania@hp.com>
 > > Subject: Socks support in CVS
 > > To: dprice@cvshome.org
 > > Message-id: <16106.20429.43696.734871@necromancer.cup.hp.com>
 > > 
 > > Derek,
 > > 
 > > I have modified the stable version of CVS to make use of socks v4
 > > proxy. This way cvs can be used on windows to checkout cvs
 > > repositories outside a firewall.
 > > 
 > > The change is fairly small (Makefile.am, configure.in, client.c,
 > > socks.c (new file)) and controlled via a new configuration option:
 > > --enable-socks. I would like to know if you would be interested in
 > > incorporating these in the unstable code tree.
 > > 
 > > Cheers
 > > 
 > > Niko
 > > 
 > > -- 
 > > Nicolas Catania
 > > 
 > > Web Services Management Operation
 > > HP Openview Division
 > > +1 408 447-4564
 > > nicolas_catania@hp.com

-- 
Nicolas Catania

Web Services Management Operation
HP Openview Division
+1 408 447-4564
nicolas_catania@hp.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]