[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS authentication

From: Arthur Barrett
Subject: RE: CVS authentication
Date: Thu, 28 Feb 2008 14:59:35 +1100

> Is there a way to capture/log authentication via
> pserver?

If you are using systemauth then the user is ultimately authenticated by
the operating system and most servers will log that someway - just parse
it looking for cvs as the host process.

> I have a requirement to monitor login activity which
> would include, cvs "login" and cvs "up" activity. 
> Currently I am able to capture commit history via
> loginfo.

This is more difficult than it sounds.  The 'obvious' answer is to use
'history' to do your logging - except it is designed to fail silently
(ie: if two writes are attempted on the history file at the same time
then one wins and the other loses and the change is permanently lost).

On the CVSNT project (free/GPL unix/linux just like CVS) we really
wanted 'failsafe logging' and it took an enormous amount of work - but
it does work now (it's the 'repository auditing extension').   The hard
stuff was recoding so the client action fails if the audit fails.  We
use a SQL database for doing the logging for fast/convenient reporting.

I've never thought of logging 'login' though - mostly (I guess) because
most CVSNT users use SSH or SSPI rather than the insecure PSERVER and
neither SSPI or SSH use the 'login' command...



reply via email to

[Prev in Thread] Current Thread [Next in Thread]