Kerberized CVS
Austin Gonyou
austin at coremetrics.com
Fri Apr 19 17:24:43 EDT 2002
On Fri, 2002-04-19 at 14:27, Sam Hartman wrote:
> >>>>> "Austin" == Austin Gonyou <austin at coremetrics.com> writes:
>
> Austin> What are some good ways to implement this? gserver or
> Austin> kserver? Also, I prefer kerberos 5, since we're rolling
> Austin> that out for everything else.
>
> Well, gserver will get you Kerberos 5. If you use gserver with
> encryption (assuming it supports it), that should be fine. If gserver
Right. I hear you there.
> does not support encryption it is insecure both because not using
> encryption is bad in and of itself and because the server does not
> authenticate itself to the client. This is bad because a
> man-in-the-middle may be able to get your client to send some of your
> source code to it rather than the real server.
>
> You can also use cvs over GSSAPI ssh.
This might just be the order of the day. THX.
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20020419/d08e5bad/attachment.bin
More information about the Kerberos
mailing list