2.9.5 Direct connection with Kerberos
The easiest way to use Kerberos is to use the Kerberos
rsh
, as described in Connecting with rsh.
The main disadvantage of using rsh is that all the data
needs to pass through additional programs, so it may be
slower. So if you have Kerberos installed you can
connect via a direct TCP connection,
authenticating with Kerberos.
This section concerns the Kerberos network security
system, version 4. Kerberos version 5 is supported via
the GSSAPI generic network security interface, as
described in the previous section.
To do this, CVS needs to be compiled with Kerberos
support; when configuring CVS it tries to detect
whether Kerberos is present or you can use the
`--with-krb4' flag to configure.
The data transmitted is not encrypted by
default. Encryption support must be compiled into both
the client and server; use the
`--enable-encryption' configure option to turn it
on. You must then use the -x
global option to
request encryption.
You need to edit `inetd.conf' on the server
machine to run cvs kserver
. The client uses
port 1999 by default; if you want to use another port
specify it in the CVSROOT
(see section Remote repositories)
or the CVS_CLIENT_PORT
environment variable
(see section All environment variables which affect CVS) on the client.
When you want to use CVS, get a ticket in the
usual way (generally kinit
); it must be a ticket
which allows you to log into the server machine. Then
you are ready to go:
| cvs -d :kserver:faun.example.org:/usr/local/cvsroot checkout foo
|
Previous versions of CVS would fall back to a
connection via rsh; this version will not do so.