RE: need to force username of cvs 'action' when using sharedSSHaccount

[Tim Grotenhuis]

Thanks.  That sounds like an okay solution.  I'll give that a twirl.

tim
----- Original Message ----- 
From: "Matthew Herrmann" <address@hidden>
To: <address@hidden>
Sent: Sunday, May 02, 2004 7:55 PM
Subject: RE: Fw: need to force username of cvs 'action' when using
sharedSSHaccount


> Hi Tim,
>
> Ironically enough, exactly what you are asking for is pserver access.
> Because the username can be fairly easily overridden in this method, it's
> not considered secure (but in a normal work environment it's fine). The
ssh
> method of connecting is secure for the precise reason that secure is
managed
> outside cvs and it _won't_ let you get around it.
>
> The only other suggestion is to add a commit-check which ensures that the
> username is present in the commit message. You can set up a template which
> commit messages must conform to, and then change the cvs editors on each
> developer box so the pre-generated form comes up each time.
>
> This is a hack, but I can't see how you can do what you're after
otherwise.
>
> Best Regards,
>
> Matthew Herrmann
> ----------------
> Director
> Far Edge Technology
> http://www.faredge.com.au/
>
> -----Original Message-----
> Date: Sun, 2 May 2004 11:33:46 -0400
> From: "Tim Grotenhuis" <address@hidden>
> Subject: Fw: need to force username of cvs 'action' when using shared
> SSHaccount
> To: <address@hidden>
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> > >
> > > Is there a reason why you can't use the old-fashioned strategem
> > > of one account per developer ?
>
>  My ISP won't give me additional accounts.
>
> > > You can also use $HOME/.ssh/environment on the client side to tunnel
> > > environment variables of your choice.  I've never tried it myself, I
> > > just saw that in the ssh man page.  (Your developers would be able to
> > > cheat, though.)  The trouble is, CVS doesn't look at the environment
to
> > > decide who's calling.
>
>  My script that runs in the command="" option in the authorized_keys2 file
>  runs successfully and I can control the input based on which key (ie,
which
>  developer) is used.  I am looking for the correct environmental variable
>  that CVS WILL look at.
>
> > >
> > > > There HAS to be a way to force cvs to record the correct committer
> > > > name.
> > >
> > > Why ?  Why would cvs extract that information from a source other than
> > > its own euid ?
>
>  I just can't imagine that this hasn't been required before: a single
shell
> account with a used id of, for example,  'cvsuser' requiring SSH, instead
of
> pserver, authentication and access for developers.  The nature of CVS,
that
> of tracking diffs and who did what when, seems to be compromised in this
> situation.  Thats all.
>
>
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
>
>