[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS Manual, section 2.9.2

From: Herr Christian Wolfgang Hujer
Subject: Re: CVS Manual, section 2.9.2
Date: Fri, 28 Mar 2003 12:02:39 +0100
User-agent: KMail/1.5

Hash: SHA1

Hello John,

Am Mittwoch, 26. März 2003 03:05 schrieb John Daues:
> Thanks for taking care of the 'bug'.
> I don't know enough about it yet to know what to choose (rsh, ssh,
> other?)  Maybe if I tell y'all the basics of the system, you can say which.
> Server is a P3 machine running Red Hat 8.0 sitting on the LAN.
> Clients are 3 users.  Two running Win2k, One with RH 8.0.
> Clients connect by the LAN, or dialing into LAN thru modem.
> Does this point one way or the other?
> (or is there more info that would help?)

I made best experiences with ssh.
I have tried: local access / NFS, pserver and ext (with ssh).
I have not tried: ext with rsh (it's unencrypted, but else doesn't differ from 
ssh), Kerberos etc..

The disadvantage about rsh/ssh access is that there must be user accounts. 
Best case one account for each cvs user, so you can tell the users from CVS 
($Author$ etc.).

With local access / NFS or pserver I often ran into Lock problems. (Waiting 
for XYZ's lock in directory abc). That never occurred to me with ext.

I use ssh instead of rsh because
a) the connection is encrypted
b) Authentication can be done on a Private Key / Public Key basis, which I 
consider much more secure than .rhosts at rsh.
When using key authentication (using ssh-keygen and ~/.ssh/authorized_keys) it 
is not neccessary to type in the password (same as with pserver and login, 
but more secure for the connection).

On the other hand, giving everyone an account in the system could be 
considered insecure, unless they need or already have accounts anyway. Then 
pserver is better because you can create non-system-accounts that exist only 
within CVS / pserver.

I have also heard that it's possible to tunnel pserver through ssh or http or 
https, but I do not know wether that is really possible, even less I know how 
to configure that.

- -- 
Christian Wolfgang Hujer
Geschäftsführender Gesellschafter
Telefon: +49  (0)89  27 37 04 37
Telefax: +49  (0)89  27 37 04 39
E-Mail: address@hidden
Version: GnuPG v1.0.7 (GNU/Linux)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]