[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVS authentication
From: |
Arthur Barrett |
Subject: |
RE: CVS authentication |
Date: |
Thu, 28 Feb 2008 14:59:35 +1100 |
> Is there a way to capture/log authentication via
> pserver?
If you are using systemauth then the user is ultimately authenticated by
the operating system and most servers will log that someway - just parse
it looking for cvs as the host process.
> I have a requirement to monitor login activity which
> would include, cvs "login" and cvs "up" activity.
> Currently I am able to capture commit history via
> loginfo.
This is more difficult than it sounds. The 'obvious' answer is to use
'history' to do your logging - except it is designed to fail silently
(ie: if two writes are attempted on the history file at the same time
then one wins and the other loses and the change is permanently lost).
On the CVSNT project (free/GPL unix/linux just like CVS) we really
wanted 'failsafe logging' and it took an enormous amount of work - but
it does work now (it's the 'repository auditing extension'). The hard
stuff was recoding so the client action fails if the audit fails. We
use a SQL database for doing the logging for fast/convenient reporting.
I've never thought of logging 'login' though - mostly (I guess) because
most CVSNT users use SSH or SSPI rather than the insecure PSERVER and
neither SSPI or SSH use the 'login' command...
Regards,
Arthur