[Kfwdev] CVS access vs NATs
Jeffrey Altman
jaltman at secure-endpoints.com
Fri Apr 20 06:01:25 EDT 2007
Once again someone has been bitten by Kerberos v4's lack of support for
multiple IP addresses, NATs and VPNs. This is why more than four years
ago I pushed to have the cvs server on drugstore upgraded to support
gss-api for authentication. Using Kerberos v4 is just too annoying.
drugstore was updated and since at least mid-2003 I have been accessing
the cvs repositories using 'gserver'.
A pre-compiled 'gserver' and 'kserver' aware binary is available at
~jaltman/Public/cvs.exe. The sources from which it was built are at
~jaltman/Public/cvs-1.11-gss.zip.
I encourage people to use it and to modify the default cvs access method
in the build script configuration to reference "gserver" instead of
"kserver". We are supposed to be attempting to get rid of Kerberos v4.
It makes no sense to me that we continue to use it when there is a
readily available GSS-API Kerberos v5 solution available.
Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kfwdev/attachments/20070420/33b688e8/attachment.bin
More information about the kfwdev
mailing list