Date: Wed, 17 Sep 1997 09:46:47 -0700 From: Julian Elischer <julian@whistle.com> To: itojun@itojun.org Cc: Marc Slemko <marcs@znep.com>, hackers@FreeBSD.ORG Subject: Re: cvs pserver mode Message-ID: <34200977.446B9B3D@whistle.com> References: <Pine.BSF.3.95.970916235732.6754A-100000@alive.znep.com> <19600.874477702@itojun.csl.sony.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
itojun@itojun.org wrote: > > >> does any of you have trouble using pserver mode of cvs? > >First, don't use pserver. It sucks. Badly. It stores unencrypted > >passwords on the clients disk and anyone with a shell on the server an > >steal connections (and hence passwords) from users connecting. Bad. > >Secondly, you need the --allow-root option to tell it what repositories to > >use. This is new in 1.9.10 or something like that. > > Thanks very much for the comment (and to Julian), I'll keep myself > away from pserver. > > My goal is to have a way to publish half-public source code to > 20 or so people, without giving them an account on my machine. > (they won't make changes to my repository) > Options seems to be as follows, but I don't know which is good/bad. > - cvs pserver (should stay away from this) > - anonymous cvs + some modification > (how to set it up? OpenBSD people uses this to keep them in sync) > - cvsupd + some modification > (current version has no authentication, it seems) > - give an account (say, "mygroup") to them and use rsh/ssh > > Please let me know your opinion. Thanks! > > itojun you can use ssh as the transport in which case you need to make it so the othe rpeople can do an ssh to your server (at least that way the passwd is protected) if you use pserver, set up an alternate password file in the CVSROOT directory (as directd in the docs,) or make sure that teh accounts you setup for them have no login shell. That way all they can do is CVS. If you have kerberos of course the kserver protocol is the most secure. how about setting up a cvsup server? then they can get updates as needed. and how about a cvsweb server (as seen at http://www.freebsd.org/cgi/cvsweb.cgi/ )
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34200977.446B9B3D>