Kerberized CVS

[Sam Hartman]

>>>>> "Austin" == Austin Gonyou <austin at coremetrics.com> writes:

    Austin> What are some good ways to implement this? gserver or
    Austin> kserver?  Also, I prefer kerberos 5, since we're rolling
    Austin> that out for everything else.

Well, gserver will get you Kerberos 5.  If you use gserver with
encryption (assuming it supports it), that should be fine.  If gserver
does not support encryption it is insecure both because not using
encryption is bad in and of itself and because the server does not
authenticate itself to the client.  This is bad because a
man-in-the-middle may be able to get your client to send some of your
source code to it rather than the real server.

You can also use cvs over GSSAPI ssh.