unknown
1970-01-01 00:00:00 UTC
_____
From: Arthur Barrett [mailto:***@march-hare.com]
Sent: Monday, May 11, 2009 3:29 PM
To: Risman, Mark; info-***@nongnu.org
Subject: RE: CVS authentication using LDAP.
Mark,
If you configure your unix/linux server to perform 'normal' ssh
authentication with LDAP then a cvs client using ssh will also use LDAP
and the SSH protocol is fairly secure. Refer to your operating system
documentation or vendor technical support for instructions on how to
configure ssh to perform LDAP authentication.
Once you have that working, if you are using a CVSNT client on
Windows (like WinCVS or TortoiseCVS) then you can use the CVSROOT
connection string :ssh:server:/repo, otherwise (non CVSNT clients, or
CVSNT on non-Windows) you use :ext:server:/repo
Alternatively if you rely heavily on 'pserver' type 'alias'
users and want to keep them then CVSNT Server is free/GPL and runs on
linux/unix and supports PAM for all protocols including SSERVER (which
is a 'secure' pserver).
Regards,
Arthur Barrett
-----Original Message-----
From:
info-cvs-bounces+arthur.barrett=march-***@nongnu.org
[mailto:info-cvs-bounces+arthur.barrett=march-***@nongnu.org] On
Behalf Of Risman, Mark
Sent: Tuesday, 12 May 2009 1:41 AM
To: info-***@nongnu.org
Subject: RE: CVS authentication using LDAP.
Hi,
Similar to this request, does anyone have any
wisdom on a good way to set up CVS authentication via LDAP, but in a
manner which allows the password to be secured as it travels across the
network?
Currently we already have LDAP up and running,
and we use CVS version 1.11.17. I could upgrade this to a 1.12 version
with PAM support, but I'm not inclined to bother doing that until I have
a solution to the authentication issue.
In my research I came across one possibility
which uses "stunnel", which is SSL tunneling software I'm not familiar
with, but I'm wondering if anyone has had experience using this or any
similar method for CVS user authentication.
I understand this is all probably a familiar
question to everyone, but if someone could point me toward some basic
information that would help me to implement this, I would appreciate it.
Thank you,
- Mark
From: cvs admin
Subject: CVS authentication using LDAP.
Date: Wed, 29 Mar 2006 12:17:23 +0530
_____
Hi ,
In the present scenario, we have usernames/passwords
stored for each repository on the CVS system itself. We would like to
use the LDAP server for CVS authentication which stores all the Network
login IDs and passwords. This way we wouldn't have to store passwords on
the server and users will have to remember only their network/windows
login password.
For this, we might have to install some system level
packages related to PAM (which supports LDAP authentication).
So anybody have any links or docs to configure the LDAP
on Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
Thanks for help in advance.
cheers
Om
**********************************************************
MLB.com: Where Baseball is Always On
**********************************************************
MLB.com: Where Baseball is Always On
------_=_NextPart_001_01C9D347.3225FFB0
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.3790.4426" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2>Mark,</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>The
best place for CVSNT specific questions is the CVSNT
newsgroup:</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2><A
href="http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt">http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt</A><BR>or<BR><A
href="news://news.cvsnt.org/support.cvsnt">news://news.cvsnt.org/support.cvsnt</A><BR></FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>There
are free/GPL builds of CVSNT for Solaris Sparc on the web site (they are
standard Solaris install packages so there is no need to build from source).
Note: use the x32 bit builds and only switch to x64 bit if after several months
you find you need the additional memory - the x32 bit builds are much easier to
install and configure. </FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>If you
are mostly using CVSNT clients (WinCVS is a GUI only and 'calls' the installed
CVSNT client to actually do the 'work') then there are advantages to using
CVSNT Server including the extended protocols and merge tracking/merge points -
plus the server supports access control lists on modules and branches, failsafe
auditing, etc etc.</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2>Regards,</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>Arthur
Barrett</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2> </DIV></FONT></SPAN>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Risman, Mark
[mailto:***@mlb.com] <BR><B>Sent:</B> Wednesday, 13 May 2009 5:32
AM<BR><B>To:</B> Arthur Barrett; info-***@nongnu.org<BR><B>Subject:</B> RE:
CVS authentication using LDAP.<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>Arthur,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>Apologies for the key details I left out in my
original message, but it seems like you've already figured out one of them --
we have many users currently using :pserver: and we don't want to create
accounts on the server machine for them, if we can at all avoid it. This is
where I think the CVSNT application could come in handy. Thanks very much for
this tip!</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>The other key detail, though, is the fact that we're
a Solaris shop. Many of our repository users are Windows-based, and are using
a version WinCVS which already supports the CVSNT-extended authentication
methods, but our repository and some of our users are running under Solaris.
Does anyone know of any risks to using CVSNT under Solaris?
From: Arthur Barrett [mailto:***@march-hare.com]
Sent: Monday, May 11, 2009 3:29 PM
To: Risman, Mark; info-***@nongnu.org
Subject: RE: CVS authentication using LDAP.
Mark,
If you configure your unix/linux server to perform 'normal' ssh
authentication with LDAP then a cvs client using ssh will also use LDAP
and the SSH protocol is fairly secure. Refer to your operating system
documentation or vendor technical support for instructions on how to
configure ssh to perform LDAP authentication.
Once you have that working, if you are using a CVSNT client on
Windows (like WinCVS or TortoiseCVS) then you can use the CVSROOT
connection string :ssh:server:/repo, otherwise (non CVSNT clients, or
CVSNT on non-Windows) you use :ext:server:/repo
Alternatively if you rely heavily on 'pserver' type 'alias'
users and want to keep them then CVSNT Server is free/GPL and runs on
linux/unix and supports PAM for all protocols including SSERVER (which
is a 'secure' pserver).
Regards,
Arthur Barrett
-----Original Message-----
From:
info-cvs-bounces+arthur.barrett=march-***@nongnu.org
[mailto:info-cvs-bounces+arthur.barrett=march-***@nongnu.org] On
Behalf Of Risman, Mark
Sent: Tuesday, 12 May 2009 1:41 AM
To: info-***@nongnu.org
Subject: RE: CVS authentication using LDAP.
Hi,
Similar to this request, does anyone have any
wisdom on a good way to set up CVS authentication via LDAP, but in a
manner which allows the password to be secured as it travels across the
network?
Currently we already have LDAP up and running,
and we use CVS version 1.11.17. I could upgrade this to a 1.12 version
with PAM support, but I'm not inclined to bother doing that until I have
a solution to the authentication issue.
In my research I came across one possibility
which uses "stunnel", which is SSL tunneling software I'm not familiar
with, but I'm wondering if anyone has had experience using this or any
similar method for CVS user authentication.
I understand this is all probably a familiar
question to everyone, but if someone could point me toward some basic
information that would help me to implement this, I would appreciate it.
Thank you,
- Mark
From: cvs admin
Subject: CVS authentication using LDAP.
Date: Wed, 29 Mar 2006 12:17:23 +0530
_____
Hi ,
In the present scenario, we have usernames/passwords
stored for each repository on the CVS system itself. We would like to
use the LDAP server for CVS authentication which stores all the Network
login IDs and passwords. This way we wouldn't have to store passwords on
the server and users will have to remember only their network/windows
login password.
For this, we might have to install some system level
packages related to PAM (which supports LDAP authentication).
So anybody have any links or docs to configure the LDAP
on Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
Thanks for help in advance.
cheers
Om
**********************************************************
MLB.com: Where Baseball is Always On
**********************************************************
MLB.com: Where Baseball is Always On
------_=_NextPart_001_01C9D347.3225FFB0
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.3790.4426" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2>Mark,</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>The
best place for CVSNT specific questions is the CVSNT
newsgroup:</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2><A
href="http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt">http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt</A><BR>or<BR><A
href="news://news.cvsnt.org/support.cvsnt">news://news.cvsnt.org/support.cvsnt</A><BR></FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>There
are free/GPL builds of CVSNT for Solaris Sparc on the web site (they are
standard Solaris install packages so there is no need to build from source).
Note: use the x32 bit builds and only switch to x64 bit if after several months
you find you need the additional memory - the x32 bit builds are much easier to
install and configure. </FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>If you
are mostly using CVSNT clients (WinCVS is a GUI only and 'calls' the installed
CVSNT client to actually do the 'work') then there are advantages to using
CVSNT Server including the extended protocols and merge tracking/merge points -
plus the server supports access control lists on modules and branches, failsafe
auditing, etc etc.</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2>Regards,</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff size=2>Arthur
Barrett</FONT></SPAN></DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=331291221-12052009><FONT face=Arial color=#0000ff
size=2> </DIV></FONT></SPAN>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Risman, Mark
[mailto:***@mlb.com] <BR><B>Sent:</B> Wednesday, 13 May 2009 5:32
AM<BR><B>To:</B> Arthur Barrett; info-***@nongnu.org<BR><B>Subject:</B> RE:
CVS authentication using LDAP.<BR><BR></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>Arthur,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>Apologies for the key details I left out in my
original message, but it seems like you've already figured out one of them --
we have many users currently using :pserver: and we don't want to create
accounts on the server machine for them, if we can at all avoid it. This is
where I think the CVSNT application could come in handy. Thanks very much for
this tip!</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=659181519-12052009>The other key detail, though, is the fact that we're
a Solaris shop. Many of our repository users are Windows-based, and are using
a version WinCVS which already supports the CVSNT-extended authentication
methods, but our repository and some of our users are running under Solaris.
Does anyone know of any risks to using CVSNT under Solaris?