[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Local CVS Authentication

From: Robert Auch
Subject: RE: Local CVS Authentication
Date: Tue, 1 Nov 2011 16:04:12 +0000

Hi Sam, 

When you say "Active Directory will be shut down" - do you mean your access to 
AD, or that all of the AD servers themselves will be shut down?  You can safely 
change your existing CVS implementation to GServer (GSSAPI) only, and require 
that the Kerberos ticket for Auth comes from a PKI / PIV smartcard logon on the 
client.  This should satisfy FIPS201, and only require reconfiguring the CVS 
implementation, as long as your Unix systems are already connected to Kerberos. 
 BeyondTrust's PBIS Open is a fully OSS client that can help on the OS side if 
required, too.  I've personally done CVS Pserver/GServer implementations with 
PBIS (formerly Likewise Open) as part of larger security projects like you are 
suggesting going through.  Let me know if I can assist further.

Robert Auch

-----Original Message-----
From: address@hidden [mailto:address@hidden On Behalf Of Arthur Barrett
Sent: Monday, October 31, 2011 11:38 PM
To: Harris, Sam; address@hidden
Cc: Glen Starrett
Subject: RE: Local CVS Authentication

Hi Sam,

FIPS 201 PIV - Personal Identity Verification for the Federal Government?  Ie: 
an RSA key stored on a smart card accessed by a vendor specific API and a PIN 
entered by the user?

I work for the vendor of CVSNT as the product manager.  I recommend you contact 
Glen Starrett in Memphis TN on 800-653-1501 x803. He's the technical account 
manager for your area and can help with a quote and assistance with your 

Version control systems are not interchangable - they support your SCCM 
business process.  For commercial/professional programmers that process usually 
includes the need to relate one change to another based on a 
job/defect/test-case etc - this is a changeset and is supported by CVSNT but 
not CVS or SVN.

There are many many other features supported by the latest CVSNT that are not 
supported by SVN (failsafe audit, auto merge with mergepoints, distributed 
repositories etc), but what's important is that the tool has the features to 
support your business process: PIV included.  If you are using CVSNT today then 
clearly it does support your business process.

Exactly how you configure CVSNT to work with your smartcard technology will 
depend on your client operating system, CVS Server version and operating system 
and the client/server protocol in use (pserver, ssh, sspi etc). 

I think TortoiseCVS is irrelevant to this disucssion, it's a graphical front 
end to CVSNT - the checkin/checkout/authentication/changesets/audit/reserving 
etc is done by CVSNT, not by the GUI.


Arthur Barrett
Product Manager

> -----Original Message-----
> From: 
> address@hidden
> [mailto:address@hidden
> org] On Behalf Of Harris, Sam
> Sent: Tuesday, 1 November 2011 8:40 AM
> To: 'address@hidden'
> Subject: Local CVS Authentication
> We have used Active Directory for CVS authentication for many years. 
> But a new directive has been handed down that requires all 
> applications to be PIV enabled. In about six weeks Active Directory 
> will be disabled. We have been given two choices.
> (1) Re-Configure CVS to authenticate all users, and (2) migrate all 
> CVS projects to SVN.
> We have 50 projects and 60 users and use CVSNT 2.0.58d/TortoiseCVS 
> 1.8.11.
> My questions
> Can CVS be PIV enable?
> Which of my two choices will be the quickest and best?
> Sam
> ------------------------------------
> Whenever two people meet, there are really six people present. There 
> is each person as he sees himself, each person as the other person 
> sees him, and each person as he really is. - William James, 
> psychologist and philosopher (1842 - 1910)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]