(cvs.info.gz) GSSAPI authenticated
Info Catalog
(cvs.info.gz) Password authenticated
(cvs.info.gz) Remote repositories
(cvs.info.gz) Kerberos authenticated
2.9.5 Direct connection with GSSAPI
-----------------------------------
GSSAPI is a generic interface to network security systems such as
Kerberos 5. If you have a working GSSAPI library, you can have CVS
connect via a direct TCP connection, authenticating with GSSAPI.
To do this, CVS needs to be compiled with GSSAPI support; when
configuring CVS it tries to detect whether GSSAPI libraries using
Kerberos version 5 are present. You can also use the `--with-gssapi'
flag to configure.
The connection is authenticated using GSSAPI, but the message stream
is _not_ authenticated by default. You must use the `-a' global option
to request stream authentication.
The data transmitted is _not_ encrypted by default. Encryption
support must be compiled into both the client and the server; use the
`--enable-encrypt' configure option to turn it on. You must then use
the `-x' global option to request encryption.
GSSAPI connections are handled on the server side by the same server
which handles the password authentication server; see Password
authentication server. If you are using a GSSAPI mechanism such as
Kerberos which provides for strong authentication, you will probably
want to disable the ability to authenticate via cleartext passwords.
To do so, create an empty `CVSROOT/passwd' password file, and set
`SystemAuth=no' in the config file ( config).
The GSSAPI server uses a principal name of cvs/HOSTNAME, where
HOSTNAME is the canonical name of the server host. You will have to
set this up as required by your GSSAPI mechanism.
To connect using GSSAPI, use the `:gserver:' method. For example,
cvs -d :gserver:faun.example.org:/usr/local/cvsroot checkout foo
Info Catalog
(cvs.info.gz) Password authenticated
(cvs.info.gz) Remote repositories
(cvs.info.gz) Kerberos authenticated
automatically generated byinfo2html