Re: CVS + AD authentication

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS + AD authentication

From:	Mark D. Baushke
Subject:	Re: CVS + AD authentication
Date:	Sat, 04 Mar 2006 09:27:38 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

address@hidden writes:

> Is it possible to set up CVS to use AD user accounts for authentication
> ? If so .. How?

If your CVS server is already a windows box, then you are probably
looking at a CVSNT server. It does have many athentication mechanisms
and I think ActiveDirectory is one of them. However, that is outside of
the normal discussions on this list. See http://cvsnt.org/ more more
details.

Assuming that your CVS server is NOT a windows box...

If you only wantto hack the CVS network layer, then this may be useful:
http://sourceforge.net/projects/cvs-nserver/

If you would rather make it so that your cvs server host uses
ActiveDirectory account in general, then you will need to get a PAM
(Pluggable Authentication Module) for your system that is able to
communicate with LDAP and then configure it to use an ActiveDirectory
server for your logins.

I used google to look for: [pam ldap activedirectory]
and I found the following paper that may be useful to you:

http://empsystech.com/tech_blog/2005/12/12/active-directory-authentication-for-linux-part-1/
http://empsystech.com/tech_blog/2005/12/20/active-directory-authentication-for-linux-part-2/

Given that, you could use CVS_RSH=ssh and have the remote end use either
your public-key credentials or an ActiveDirectory password.

> There is a CVS set up here now, but we are moving it from one old
> server, to a newer one. It is currently using pserver and user/pass
> that are stored in each CVSROOT.

If you are using the cvs 1.12.x release of CVS, then you may find
Q6.12 under http://ximbiot.com/cvs/wiki/index.php?title=CVS_FAQ
to be useful. A direct link to just that FAQ is here:

http://ximbiot.com/cvs/wiki/index.php?title=CVS_FAQ#Does_CVS_supports_PAM_for_user_authentication.3F

If you are using an older CVS, you may need to patch it yourself.
A google for: [cvs pam support] should find you the patches that
might still work for you.

Note that I do not recommend that anyone should ever use the :pserver:
protocol. I do not believe it is secure. CVS should not be in the
business of authentication as it was never really designed with security
in mind. It is better to use your operating system to do authentication
and authorization and use one of the :ext: transports. I recommend using
'ssh' as the transport.

Good luck,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFECc4JCg7APGsDnFERAqymAKDQWlV0XsfdXKOeui5zln4gv2UWKwCfShN7
3sEfZx3/aDyfMOGszmXIkVA=
=sycp
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

CVS + AD authentication, mrskinnypete, 2006/03/01
- Re: CVS + AD authentication, Mark D. Baushke <=

Prev by Date: Re: help with rlog
Next by Date: Re: Rebuilding administrative file database
Previous by thread: CVS + AD authentication
Next by thread: Re: how to update a directory recursive while not merge local modified file
Index(es):
- Date
- Thread