[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[Home]
Re: using jCVS for secure connections?
Tim Endres wrote:
> Can you expound on why it would be onerous?
>
> There are two ways to extend jCVS's I/O stream, which seem to accomodate
> most needs. The first is to replace the I/O internally with a Java package,
> or to use an exec() of a process that handles the I/O via stdio. The latter
> method is what some folks use for SSH connectivity.
The second method is what I referred to as "through external systems" in
the prior mail. This is less desirable, as I am attempting the make the
repository completely black box -- ie: user's home directories are set
to /dev/null, and their shells are set to /bin/false. The thoery there
being that if users can't log in it is a bit tougher for them to
[unintentionally] rm -rf the repository.
Replacing the internal IO would likely be onerous because I would need
to write a package that has clean access to gssapi's existing
credentials. That would mean having java read the credential cache,
request the cvs ticket, etc. Then again, this may have already been
written by someone.
Regards,
Neal
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- Neal A. Dillman * neald@rose.hp.com -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- My opinions are. -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-