[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication through PAM

From: Mark D. Baushke
Subject: Re: Authentication through PAM
Date: Thu, 18 Jan 2007 08:32:11 -0800

Hash: SHA1

Sam Chu <address@hidden> writes:

> I am trying to setup pserver access using PAM authentication. Here is what I 
> did.
> 1. Downloaded cvs-1.12.13
> 2. Configure and make with pam enabled.
> 3. Add cvs PAM configuration file to /etc/pamd. The content of the 
> configuration file is
> auth            required      
> account        required      
> session        required      
> 4. Checkout worked with/without cvs PAM configuration file.
> My quesitons are:
> 1. Does CVS fall back to reqular authentication (in my case NIS) if
> the cvs PAM configuration file does not exist? If yes, how do I
> configure it so that it won't fall back to NIS.

I believe this would be related to how PAM is configured for your system
rather than how CVS is configured. However, I may not be the right person
to ask about this feature. I'll suggest that Brian Murphy <address@hidden>
might be a better person to answer many of these questions.

[I would rather see :pserver: support removed from CVS entirely...]

> 2. I am going to use LDAP as the authentication mechanism. What do I
> need to change in the PAM configuration file to use LDAP?

I do not know. I am not a PAM expert. If you can find how to configure
your PAM system to use LDAP in the general case for normal logins, then
the same rules should work when you start playing with CVS configurations.

> 3. I really would like to use ssh instead of pserver. What do I need
> to change in the PAM/LDAP context?

If you can ssh into your box using PAM/LDAP authentication, then you do
not need to do anything to your system to use cvs other than specify
:ext: (the client may need to setenv CVS_RSH=ssh if it is not configured
to default to using ssh over :ext: connections) or :extssh: as the
method to be used.

In other words, cvs using :ext: just runs on a remote command execution
of your 'ssh' command, so login to the system is governed by how your
system allows remote users to login rather than how cvs itself is

        -- Mark
Version: GnuPG v1.4.6 (FreeBSD)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]