This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: kerberos and cvs


Pavel Tsekov wrote:
On Mon, 31 Mar 2003, Charles Wilson wrote:
However, here's the problem:
  1) I know nothing about kerberos.  I don't even know enough to test it.

I use CVS at work with the gserver method, i.e. GSS API. At least I have a setup where I can test your work.

That'd be good...but I don't have cvsnt compiled just quite yet <g>. Is there a kerberized telnet server around there somewhere? kerb-rsh? kerb-ftp?


2) I do NOT want to maintain this beastly piece of software. However, I understand it is quite popular and would probably be a welcome addition to the cygwin system.

Oh, and one other thing; it seems that Cygnus Solutions used to offer something called "KerbNet" which I think was a krb4 system on top of cygwin. It's no longer on the Red Hat website; it seems to have gone the way of the dodo. I dunno if it means anything; I just thought it was interesting.


3) This port does NOT contain the niceties like "ssh-host-config" scripts and whatnot. A fully-fledged cygwin port should probably install things like that, and maybe even hook into the sysvinit system that Sergey contributed.


Why? Do we want to run kerberos KDC? I don't think so, or at least it is not necessary to run kerberized cvs. The KDC in our setup is a Win2k Active Directory.

Ah -- you've probably hit on why cvsnt requires kerberos. They want it to work in an Active Directory domain OOB. Which is not a bad thing...


For cvs you only need client libs and tools.

Don't you need to set up /etc/krb5.conf even for client access? And probably some sort of ~/.dotfile stuff? Plus, if someone REALLY wants ktelnet to be their default, then we need to worry about providing that behavior -- it's obvious that krb5 telnet is *supposed* to replace regular telnet seamlessly in a kerberized environment [e.g. the user shouldn't have to remember to type 'ktelnet']. Coordinating with inetutils maintainer for a structure like:


  inetutils:  itelnet.exe
  krb5:       ktelnet.exe

both packages have a postinstall script that sets up a symlink
telnet.exe -> [ik]telnet.exe
ditto all of the other conflicting files that I renamed in the krb5 packages (incl. man pages). It'll take some work to coordinate that, assuming that the inetutils maintainer is amenable (Corinna, I guess?)


Unfortunately, even if setup.exe had a conflicts: facility (soon, but not yet, I think), that wouldn't help -- because krb5 actually DEPENDS on an inetutils (static) library. So both must be installed (at least on the build machine). So, we can't simply undo my file renames, and say "install either krb5 or inetutils; not both". That's just out of the question. Blech...

You probably don't need to set up a /usr/lib/krb5kdc/kdc.conf file -- that's specific to KDCs, right?

So, I put these packages up in the hope that someone will adopt them, and bring them into the cygwin fold. If so, then I'll continue on my current track with cvsnt (which hopefully will eventually lead to functioning cvs servers...)


I may be interested to maintain this of course as time allows.

That'd be cool, if you can manage it. Like I said, I'm in no hurry here. Try 'em out, let me know if they work...look at the excrescence that is my build script -- the tarballs aren't going anywhere.


--Chuck


