Re: Which cvs protocol better ?pserver/extssh??

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Which cvs protocol better ?pserver/extssh??

From:	Kapila Kohli
Subject:	Re: Which cvs protocol better ?pserver/extssh??
Date:	Fri, 4 Mar 2011 13:28:26 +0530

Thanks Arthur for explaining in depth.
LDAP is not yet working . Security is not that big crisis as of now.
Feels i should try for CVSNT . Our cvs repo is in linux whereas developers
works on windows env using cvs client as Eclipse & Tortoise.

Creating users on linux everytime is a bizarre all time  all i infer from ur
conversation that we can go for pserver as of now with keeping other
advanced level traversed atleast would save creating m/c users & they
logging to m/c with it.

thanks once again.

On Wed, Mar 2, 2011 at 3:56 PM, Arthur Barrett <
address@hidden> wrote:

>
> > cvs users not m/c users.Its working fine also. But many says
> > pserver is not better choice as its not very secure. Can
> > anyone help me in understand what is the best cvs protocol used
> > now-a-days.
> >
>
> It depends on your security requirements.  If it is all on an internal
> LAN (or encrypted VPN) then maybe you don't care about the trivial
> encryption of passwords in pserver, but maybe you do.  Note: pserver
> also usually stores the password on the client with trivial encoding
> (though it appears as though you are using Eclipse as the client which
> even stores ssh passwords on the client by default I think).
>
> I personally prefer CVSNT (yes it runs on Linux and works with Eclipse)
> since it has ACL's without the need to patch the sources and has a wider
> choice of protocols (eg: sserver, a secure version of pserver).  I also
> recommend using CVSNT on windows clients with Eclipse since you can use
> the extnt.ini file to 'redirect' the Eclipse protocol from pserver to
> sserver and also use the cvsagent which stores one time passwords in
> memory not on the disk.
>
> I'm surprised you are needing to create logins for each user - these
> days most organisations with more than 3 people have some user directory
> (eg: LDAP or Active Directory) which every PC uses to authenticate
> users.  Your server should be able to authenticate the SSH or PSERVER
> users via that same database (eg: using PAM) and you should be able to
> set up ACLs on the repository modules based on standard groups (also in
> LDAP or AD).
>
> Anyway - it really boils down to what your security requirements are,
> not what options are available.
>
> Regards,
>
>
> Arthur Barrett
>
>
>
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

Which cvs protocol better ?pserver/extssh??, Kapila Kohli, 2011/03/01
- RE: Which cvs protocol better ?pserver/extssh??, Arthur Barrett, 2011/03/02
  - Re: Which cvs protocol better ?pserver/extssh??, Kapila Kohli <=
    - Re: Which cvs protocol better ?pserver/extssh??, Gary Funck, 2011/03/05
- RE: Which cvs protocol better ?pserver/extssh??, Arthur Barrett, 2011/03/07
  - migration from CVS to CVSNT, Pradeep Sharma, 2011/03/08
    - Re: migration from CVS to CVSNT, Michael Haggerty, 2011/03/08

Prev by Date: RE: Which cvs protocol better ?pserver/extssh??
Next by Date: Re: Which cvs protocol better ?pserver/extssh??
Previous by thread: RE: Which cvs protocol better ?pserver/extssh??
Next by thread: Re: Which cvs protocol better ?pserver/extssh??
Index(es):
- Date
- Thread