Re: Authentication through PAM

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication through PAM

From:	Mark D. Baushke
Subject:	Re: Authentication through PAM
Date:	Thu, 18 Jan 2007 08:32:11 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sam Chu <address@hidden> writes:

> I am trying to setup pserver access using PAM authentication. Here is what I 
> did.
> 1. Downloaded cvs-1.12.13
> 2. Configure and make with pam enabled.
> 3. Add cvs PAM configuration file to /etc/pamd. The content of the 
> configuration file is
> auth            required                pam_unix.so
> account        required                pam_unix.so
> session        required                pam_unix.so
> 4. Checkout worked with/without cvs PAM configuration file.
> 
> My quesitons are:
> 1. Does CVS fall back to reqular authentication (in my case NIS) if
> the cvs PAM configuration file does not exist? If yes, how do I
> configure it so that it won't fall back to NIS.

I believe this would be related to how PAM is configured for your system
rather than how CVS is configured. However, I may not be the right person
to ask about this feature. I'll suggest that Brian Murphy <address@hidden>
might be a better person to answer many of these questions.

[I would rather see :pserver: support removed from CVS entirely...]

> 2. I am going to use LDAP as the authentication mechanism. What do I
> need to change in the PAM configuration file to use LDAP?

I do not know. I am not a PAM expert. If you can find how to configure
your PAM system to use LDAP in the general case for normal logins, then
the same rules should work when you start playing with CVS configurations.

> 3. I really would like to use ssh instead of pserver. What do I need
> to change in the PAM/LDAP context?

If you can ssh into your box using PAM/LDAP authentication, then you do
not need to do anything to your system to use cvs other than specify
:ext: (the client may need to setenv CVS_RSH=ssh if it is not configured
to default to using ssh over :ext: connections) or :extssh: as the
method to be used.

In other words, cvs using :ext: just runs on a remote command execution
of your 'ssh' command, so login to the system is governed by how your
system allows remote users to login rather than how cvs itself is
configured.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFFr6ELCg7APGsDnFERAn5sAKCFJ7Kkc5vMAgadFdtSsWkmqxeFPACgnxek
Tr0u9G57Uuw/bDXwpKxE1Pk=
=ieJO
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Authentication through PAM, Sam Chu, 2007/01/17
- Re: Authentication through PAM, Mark D. Baushke <=

Prev by Date: Re: CVS asking for one log message per directory with file changes
Next by Date: Re: CVS to back up MySQL databases?
Previous by thread: Authentication through PAM
Next by thread: CVS to back up MySQL databases?
Index(es):
- Date
- Thread