Re: Auth using PAM

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Auth using PAM

From:	Cary Coulter
Subject:	Re: Auth using PAM
Date:	Tue, 2 Dec 2003 08:58:36 -0600

I have tried ssh.  It does work, will auth throuch pam_smb_auth using NT
passwords, not Unix ones.

However,  I do experience a significant delay when invoking CVS for ssh
authorization (shows on the WSAD dialog box).  The delay isn't too bad for
normal repository operations, (synchronizing, updating, commiting), but
becomes excessive when looking at multiple file diffs through the internal
diff browser.

It appears that each time I click on a different file in the tree for a
diff, it must reauthenticate to ssh, which in all reality, takes a two or
more seconds longer than the pserver method.  While this isn't a
show-stopper, it is a long time to wait when looking a multiple file diffs.

The ssh delay is present for both a passwd/shadow authenticated user as well
as the pam_smb_auth user, so I don't think the delay comes from the remote
auth method.

Is there just something wrong with the ssh setup?  Personally, I have always
experienced a slower login with ssh versus telnet.

Thanks for the help.
Cary

----- Original Message ----- 
From: "Maarten de Boer" <address@hidden>
To: <address@hidden>
Cc: <address@hidden>
Sent: Tuesday, December 02, 2003 3:53 AM
Subject: Re: Auth using PAM

> Cary Coulter wrote:
> > Is there a patch for 1.11.6 CVS for using PAM on Linux for user
> > authentication?   We're using WSAD/Eclipse and understand the 1.11.6
> > is as new as we can go for now.
>
> I really think you don't want to do this. It is a lot better (a lot more
> secure) to use CVS through ssh. I am not familiar however with
WSAD/Eclipse,
> but I suppose you can configure it to use a external remote shell
connection
> (:ext:) instead of pserver.
>
> > Our main development platform is Windows. I have a Linux machine using
> > pam_smb_auth to authenticate logins via our NT domain for the "Windows
> > only" users.  Regular Unix users use the shadow file.  All user/group
> > info is in /etc/passwd and /etc/shadow, only the passwords come from
> > NT.
>
> Our CVS server is Linux, the password are on a SAMBA server, the clients
> use CVS through ssh (mostly using the excellent CVS gui client LinCVS,
> also for Windows), the CVS server authenticates the ssh login using the
> pam_smb_auth module. (And the shells on the CVS server are very limited
> chrooted shells that only allow to execute cvs)
>
> Maarten
>
>

[Prev in Thread]

Current Thread

[Next in Thread]

Auth using PAM, Cary Coulter, 2003/12/01
- Re: Auth using PAM, Maarten de Boer, 2003/12/02
  - Re: Auth using PAM, Cary Coulter <=
    - Re: Auth using PAM, Maarten de Boer, 2003/12/02
    - Re: Auth using PAM, Geoff Beier, 2003/12/02
    - Re: Auth using PAM, Ed Avis, 2003/12/02
- RE: Auth using PAM, Patton, Matthew E., CTR, OSD-PA&E, 2003/12/02
  - Re: Auth using PAM, Cary Coulter, 2003/12/02

Prev by Date: RE: Main branch tips
Next by Date: Re: Main branch tips
Previous by thread: Re: Auth using PAM
Next by thread: Re: Auth using PAM
Index(es):
- Date
- Thread