[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: a gserver patch
From: |
Ian Lance Taylor |
Subject: |
Re: a gserver patch |
Date: |
02 May 2001 18:36:47 -0700 |
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 |
"Derek R. Price" <dprice@collab.net> writes:
> Shouldn't you have been able to use GSSAPI to rewrite the client and
> server both in such a way that they didn't care what sort of
> authentication mechanism was hiding behind the GSSAPI
> (Kerberos/GSI/whatever)? Why didn't you?
CVS has a model in which the Unix user ID controls access to the
repository, and is used to indicate who made what change.
Given that, you need a mapping from the GSSAPI name to the Unix user
ID. GSSAPI will authenticate that the incoming connection has the
right to use a given GSSAPI name. But GSSAPI does not provide a
mapping between the GSSAPI name and the Unix user ID.
It would be possible to change CVS to use a different authentication
mechanism. But it's not obviously straightforward.
Ian