[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: need to force username of cvs 'action' when using sharedSSHaccount
From: |
Tim Grotenhuis |
Subject: |
RE: need to force username of cvs 'action' when using sharedSSHaccount |
Date: |
Sun, 2 May 2004 22:44:50 -0400 |
Thanks. That sounds like an okay solution. I'll give that a twirl.
tim
----- Original Message -----
From: "Matthew Herrmann" <address@hidden>
To: <address@hidden>
Sent: Sunday, May 02, 2004 7:55 PM
Subject: RE: Fw: need to force username of cvs 'action' when using
sharedSSHaccount
> Hi Tim,
>
> Ironically enough, exactly what you are asking for is pserver access.
> Because the username can be fairly easily overridden in this method, it's
> not considered secure (but in a normal work environment it's fine). The
ssh
> method of connecting is secure for the precise reason that secure is
managed
> outside cvs and it _won't_ let you get around it.
>
> The only other suggestion is to add a commit-check which ensures that the
> username is present in the commit message. You can set up a template which
> commit messages must conform to, and then change the cvs editors on each
> developer box so the pre-generated form comes up each time.
>
> This is a hack, but I can't see how you can do what you're after
otherwise.
>
> Best Regards,
>
> Matthew Herrmann
> ----------------
> Director
> Far Edge Technology
> http://www.faredge.com.au/
>
> -----Original Message-----
> Date: Sun, 2 May 2004 11:33:46 -0400
> From: "Tim Grotenhuis" <address@hidden>
> Subject: Fw: need to force username of cvs 'action' when using shared
> SSHaccount
> To: <address@hidden>
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> > >
> > > Is there a reason why you can't use the old-fashioned strategem
> > > of one account per developer ?
>
> My ISP won't give me additional accounts.
>
> > > You can also use $HOME/.ssh/environment on the client side to tunnel
> > > environment variables of your choice. I've never tried it myself, I
> > > just saw that in the ssh man page. (Your developers would be able to
> > > cheat, though.) The trouble is, CVS doesn't look at the environment
to
> > > decide who's calling.
>
> My script that runs in the command="" option in the authorized_keys2 file
> runs successfully and I can control the input based on which key (ie,
which
> developer) is used. I am looking for the correct environmental variable
> that CVS WILL look at.
>
> > >
> > > > There HAS to be a way to force cvs to record the correct committer
> > > > name.
> > >
> > > Why ? Why would cvs extract that information from a source other than
> > > its own euid ?
>
> I just can't imagine that this hasn't been required before: a single
shell
> account with a used id of, for example, 'cvsuser' requiring SSH, instead
of
> pserver, authentication and access for developers. The nature of CVS,
that
> of tracking diffs and who did what when, seems to be compromised in this
> situation. Thats all.
>
>
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
>
>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- RE: need to force username of cvs 'action' when using sharedSSHaccount,
Tim Grotenhuis <=