[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Which cvs protocol better ?pserver/extssh??
|
From: |
Arthur Barrett |
|
Subject: |
RE: Which cvs protocol better ?pserver/extssh?? |
|
Date: |
Tue, 8 Mar 2011 13:09:09 +1100 |
Kapila Kohli,
TortoiseCVS includes CVSNT (it requires it to be able to run) so it
seems you are already using CVSNT on the client, you'll get a lot more
out of TortoiseCVS with a CVSNT server including merge tracking, user
defined change sets, atomic commit id's, access control lists etc etc.
What is your LDAP problem - something internal to your organisation or
do you mean that LDAP is nor working with CVS at your site due to bugs?
What LDAP server are you using? I have limited experience settings up
LDAP authentication on Linux servers, but when I've done it (from Red
Hat Enterprise Linux to Active Direcrtory) it seemed quite
straightfoward and well documented by Red Hat and then getting LDAP/AD
to work with CVSNT was just a couple of commands...
Regards,
Arthur Barrett
-----Original Message-----
From: Kapila Kohli [mailto:address@hidden
Sent: Friday, 4 March 2011 6:58 PM
To: Arthur Barrett
Cc: address@hidden
Subject: Re: Which cvs protocol better ?pserver/extssh??
Thanks Arthur for explaining in depth.
LDAP is not yet working . Security is not that big crisis as of
now.
Feels i should try for CVSNT . Our cvs repo is in linux whereas
developers works on windows env using cvs client as Eclipse & Tortoise.
Creating users on linux everytime is a bizarre all time all i
infer from ur conversation that we can go for pserver as of now with
keeping other advanced level traversed atleast would save creating m/c
users & they logging to m/c with it.
thanks once again.
On Wed, Mar 2, 2011 at 3:56 PM, Arthur Barrett
<address@hidden> wrote:
> cvs users not m/c users.Its working fine also. But
many says
> pserver is not better choice as its not very secure.
Can
> anyone help me in understand what is the best cvs
protocol used
> now-a-days.
>
It depends on your security requirements. If it is all
on an internal
LAN (or encrypted VPN) then maybe you don't care about
the trivial
encryption of passwords in pserver, but maybe you do.
Note: pserver
also usually stores the password on the client with
trivial encoding
(though it appears as though you are using Eclipse as
the client which
even stores ssh passwords on the client by default I
think).
I personally prefer CVSNT (yes it runs on Linux and
works with Eclipse)
since it has ACL's without the need to patch the sources
and has a wider
choice of protocols (eg: sserver, a secure version of
pserver). I also
recommend using CVSNT on windows clients with Eclipse
since you can use
the extnt.ini file to 'redirect' the Eclipse protocol
from pserver to
sserver and also use the cvsagent which stores one time
passwords in
memory not on the disk.
I'm surprised you are needing to create logins for each
user - these
days most organisations with more than 3 people have
some user directory
(eg: LDAP or Active Directory) which every PC uses to
authenticate
users. Your server should be able to authenticate the
SSH or PSERVER
users via that same database (eg: using PAM) and you
should be able to
set up ACLs on the repository modules based on standard
groups (also in
LDAP or AD).
Anyway - it really boils down to what your security
requirements are,
not what options are available.
Regards,
Arthur Barrett