[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[Home]
Re: using jCVS for secure connections?
Jeffrey,
J. Jeffrey Close wrote:
> I've been told by everyone I speak to that the pserver method of CVS is
> really a bad idea and not to use it. So the question is, does jCVS have
> another more secure method of connecting for remote clients?
The pserver method has it's place. It is not terribly secure, and had a
known security hole until recently. The main problem, though, is that
pserver sends passwords over the wire in cleartext.
If security is a real concern, there are a number of ways around the
issue:
*) through CVS:
*) You can use the kserver method for kerberos 4 auth and encryption
*) You can use the gserver method for GSS-API auth and encryption
*) through external systems:
*) some sort of VPN (MS PPTP, Aventail, etc.)
*) Kerberized rsh (remote shell)
In our environment, I am hoping to move to gserver. Unfortunately I
have been (as yet) unsuccessful in getting the server ported to run with
HP's DCE. Even then, I would probebly want to add GSS-API support to
jcvs (which is probably possible, but an onerus [SP?] task). On the
other hand, we are on an internal network, and pserver security is
currently acceptable for your environment.
Regards,
Neal
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- Neal A. Dillman * neald@rose.hp.com -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- My opinions are. -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-