Kerberized CVS
Sam Hartman
hartmans at MIT.EDU
Fri Apr 19 15:27:59 EDT 2002
>>>>> "Austin" == Austin Gonyou <austin at coremetrics.com> writes:
Austin> What are some good ways to implement this? gserver or
Austin> kserver? Also, I prefer kerberos 5, since we're rolling
Austin> that out for everything else.
Well, gserver will get you Kerberos 5. If you use gserver with
encryption (assuming it supports it), that should be fine. If gserver
does not support encryption it is insecure both because not using
encryption is bad in and of itself and because the server does not
authenticate itself to the client. This is bad because a
man-in-the-middle may be able to get your client to send some of your
source code to it rather than the real server.
You can also use cvs over GSSAPI ssh.
More information about the Kerberos
mailing list