Kerberos authenticated -- CVS---Concurrent Versions System

Prev: Password authenticated Up: Remote repositories Top: Top

4.5.3. Direct connection with kerberos

The main disadvantage of using rsh is that all the data needs to pass through additional programs, so it may be slower. So if you have kerberos installed you can connect via a direct tcp connection, authenticating with kerberos (note that the data transmitted is not encrypted).

To do this, cvs needs to be compiled with kerberos support; when configuring cvs it tries to detect whether kerberos is present or you can use the --with-krb4 flag to configure.

You need to edit inetd.conf on the server machine to run cvs kserver. The client uses port 1999 by default; if you want to use another port specify it in the CVS_CLIENT_PORT environment variable on the client. Set CVS_CLIENT_PORT to `-1' to force an rsh connection.

When you want to use cvs, get a ticket in the usual way (generally kinit); it must be a ticket which allows you to log into the server machine. Then you are ready to go:

cvs -d chainsaw.brickyard.com:/user/local/cvsroot checkout foo

If cvs fails to connect, it will fall back to trying rsh.

Prev: Password authenticated Up: Remote repositories Top: Top