RE: CVS authentication

[Arthur Barrett]

> Is there a way to capture/log authentication via
> pserver?

If you are using systemauth then the user is ultimately authenticated by
the operating system and most servers will log that someway - just parse
it looking for cvs as the host process.

> I have a requirement to monitor login activity which
> would include, cvs "login" and cvs "up" activity. 
> Currently I am able to capture commit history via
> loginfo.

This is more difficult than it sounds.  The 'obvious' answer is to use
'history' to do your logging - except it is designed to fail silently
(ie: if two writes are attempted on the history file at the same time
then one wins and the other loses and the change is permanently lost).

On the CVSNT project (free/GPL unix/linux just like CVS) we really
wanted 'failsafe logging' and it took an enormous amount of work - but
it does work now (it's the 'repository auditing extension').   The hard
stuff was recoding so the client action fails if the audit fails.  We
use a SQL database for doing the logging for fast/convenient reporting.

I've never thought of logging 'login' though - mostly (I guess) because
most CVSNT users use SSH or SSPI rather than the insecure PSERVER and
neither SSPI or SSH use the 'login' command...

Regards,


Arthur